hxxps://drive[.]google[.]com/file/d/1zRIY-jdnWDMRyGoy9demAAo1DJPHyPOQ/view

Analysis

max time kernel
1048s
max time network
964s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
12-08-2024 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zRIY-jdnWDMRyGoy9demAAo1DJPHyPOQ/view

Score

9^/10

discovery evasion persistence privilege_escalation ransomware

Malware Config

Signatures

Renames multiple (53) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3384	netsh.exe
2192	netsh.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 49 IoCs

pid	Process
2652	BlueStacksInstaller.exe
3628	7zr.exe
4868	HD-ForceGPU.exe
3576	HD-GLCheck.exe
4944	HD-GLCheck.exe
2988	HD-GLCheck.exe
1780	HD-CheckCpu.exe
4520	HD-GLCheck.exe
4136	HD-GLCheck.exe
4172	HD-GLCheck.exe
3376	HD-GLCheck.exe
2248	7zr.exe
2096	HD-GLCheck.exe
2524	HD-GLCheck.exe
828	HD-GLCheck.exe
3628	7zr.exe
2152	7zr.exe
2164	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
1460	HD-Player.exe
384	BstkSVC.exe
4524	HD-Agent.exe
2796	HD-LogCollector.exe
316	HD-Quit.exe
3724	Bluestacks.exe
5036	HD-Player.exe
1732	HD-Agent.exe
1316	HD-LogCollector.exe
1280	Bluestacks.exe
3364	HD-Player.exe
4948	HD-Adb.exe
5088	HD-LogCollector.exe
4584	HD-Adb.exe
3516	HD-Adb.exe
3696	HD-Adb.exe
2904	HD-Adb.exe
4912	HD-Adb.exe
1072	HD-Adb.exe
1044	HD-Adb.exe
4916	HD-Adb.exe
4280	HD-Adb.exe
520	HD-Adb.exe
600	HD-Quit.exe
2684	7zr.exe
2728	Bluestacks.exe
1464	HD-Player.exe
3364	HD-Agent.exe
4408	HD-LogCollector.exe
4436	Bluestacks.exe

Loads dropped DLL 64 IoCs

pid	Process
3576	HD-GLCheck.exe
4944	HD-GLCheck.exe
4944	HD-GLCheck.exe
4944	HD-GLCheck.exe
4944	HD-GLCheck.exe
4944	HD-GLCheck.exe
2988	HD-GLCheck.exe
2988	HD-GLCheck.exe
2988	HD-GLCheck.exe
2988	HD-GLCheck.exe
2652	BlueStacksInstaller.exe
4520	HD-GLCheck.exe
4136	HD-GLCheck.exe
4136	HD-GLCheck.exe
4136	HD-GLCheck.exe
4136	HD-GLCheck.exe
4172	HD-GLCheck.exe
4172	HD-GLCheck.exe
4172	HD-GLCheck.exe
4172	HD-GLCheck.exe
4172	HD-GLCheck.exe
3376	HD-GLCheck.exe
3376	HD-GLCheck.exe
3376	HD-GLCheck.exe
3376	HD-GLCheck.exe
3376	HD-GLCheck.exe
3376	HD-GLCheck.exe
3376	HD-GLCheck.exe
2096	HD-GLCheck.exe
2096	HD-GLCheck.exe
2096	HD-GLCheck.exe
2096	HD-GLCheck.exe
2524	HD-GLCheck.exe
2524	HD-GLCheck.exe
2524	HD-GLCheck.exe
2524	HD-GLCheck.exe
828	HD-GLCheck.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
384	BstkSVC.exe
384	BstkSVC.exe
384	BstkSVC.exe
384	BstkSVC.exe
384	BstkSVC.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BlueStacks_msi2\BstkDD2.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\D3DCompiler_43.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-ServiceInstaller.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\libGLES_V2_translator.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\VMMRC.rc	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\Assets\installer_bg_blurred.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\BstkDD.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\BlueStacksUninstaller.exe	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\BstkC.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\BstkSVC.exe	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-Player.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\tag.txt	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\7zr.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\7zr.exe	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\BlueStacks.ico	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-Opengl-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-Plus-Service-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-Plus-Service-Native.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-VmManager.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\libGLES_CM_translator.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\MsiKBVibration64.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\SystemInfo.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\EULA.rtf	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\SystemInfo.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\BstkSharedFolders.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\libOpenglRender.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\ProductLogo.ico	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\Vanara.PInvoke.DwmApi.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\Xilium.CefGlue.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\Bluestacks.exe.CodeAnalysisLog.xml	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\libEGL.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\WhiteFullScreen.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\debug.log	Bluestacks.exe
File created	C:\Program Files\BlueStacks_msi2\HD-Gps-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\Driver_Engine_x64.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\BstkVMM.lib	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\BstkDDRC.rc	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-MultiInstanceManager.exe.lastcodeanalysissucceeded	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-QuitMultiInstall.exe.config	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\libeay32.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-Imap-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-MultiInstanceManager.exe.CodeAnalysisLog.xml	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-Sensor-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\SlimDX.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\tag.txt	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\Assets\close_red.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\Assets\installer_flash_background.jpg	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-GuestCommandRunner.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\D3DCompiler_43.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\NOTICE.html	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\Vanara.Core.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\BstkVMMgr.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-Common.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-ComRegistrar.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-GuestCommandRunner.exe	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\Newtonsoft.Json.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-Agent.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-ApkHandler.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\HD-Gps-Native.dll	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\HD-MultiInstanceManager.exe.config	7zr.exe
File created	C:\Program Files\BlueStacks_msi2\msvcp100.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\msvcp100.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_msi2\XButton.png	7zr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-Adb.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5008	netstat.exe
2976	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
5028	SystemInfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679493800438246"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AE49E46-B0CE-4485-BA1E-38EBDA4E00D2}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC7FDC52-3CD8-4545-B7F4-32090895EAC0}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50A81FD1-8358-46B0-92C8-70972BE6F12B}\ = "IStorageDeviceChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71577F67-32E1-4C4B-B53C-EFBD085AC270}\NumMethods\ = "13"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5E86B4B5-4A97-4DBA-A823-90ABD9E2BB5A}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ae43ff81-6da8-4b64-9faf-671a8e863b36}\InprocServer32\ = "C:\\Program Files\\BlueStacks_msi2\\BstkC.dll"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacks.Xapk\Shell\open	BlueStacksInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacks.Apk\Shell\open\command\ = "C:\\Program Files\\BlueStacks_msi2\\HD-ApkHandler.exe \"%1\""	BlueStacksInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D612589-243F-46B4-B521-94CC40875958}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78C03FF4-49C8-4F60-A9E2-D8D8B167B60B}\ = "IClipboardModeChangedEvent"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC7FDC52-3CD8-4545-B7F4-32090895EAC0}\ = "IGuestFileIOEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B548BD34-3B62-4DA8-BB4E-D300D2FEF885}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{486D3677-9618-4A75-B3C0-66BA495269E1}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1CF03AD4-D1CB-48EA-8E71-287F187FD696}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ae43ff81-6da8-4b64-9faf-671a8e863b36}\TypeLib\ = "{fb3a7f96-3973-4431-ba6d-e9b76291b424}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{50A81FD1-8358-46B0-92C8-70972BE6F12B}\NumMethods\ = "15"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D5EBF2D-B5BF-48EA-B1C2-C0E6D973BB32}\ = "IDnDBase"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FBDF095E-4681-41E2-A97F-25551BCDCFB1}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4E73140-7F65-44A5-B182-94E0D221F7FE}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4205CC3E-1196-4464-8EE0-733234308E8F}\ = "IGuestProcessRegisteredEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D956034E-E642-4060-8B19-B6A7F85B4514}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{231F4269-8D96-4A8C-A47E-F02C85C690DE}\ProxyStubClsid32\ = "{44DAA1C7-DA5A-49D7-B1BD-19BDF1D8955C}"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45B3919B-7254-4DC2-8F44-34C873619EEF}\ProxyStubClsid32\ = "{44DAA1C7-DA5A-49D7-B1BD-19BDF1D8955C}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A127F1EA-7732-401E-A07C-1F59009E8093}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{577FCC44-00EC-4ED2-A61D-D65848AA0486}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{86FCBF84-32F3-4ED3-A277-3C1D74534F60}\ = "IDirectory"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A29B51D-934A-4548-A44F-195F85317532}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76129AAF-AF15-43E0-820E-EC70E3E8FB3A}\ProxyStubClsid32\ = "{44DAA1C7-DA5A-49D7-B1BD-19BDF1D8955C}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{42D28FC4-556E-4D89-B995-33244DA3C958}\ProxyStubClsid32	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC9E618E-681B-461B-92B6-2E6D421CAB99}\ = "ISharedFolder"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E485255F-46E2-49B2-9769-4110FAC357E1}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7CCAE71-CE75-4FED-A9BA-387B5EC11400}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{50A81FD1-8358-46B0-92C8-70972BE6F12B}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A8DA19F8-7563-4C79-9800-D0895ACDCB3D}\ProxyStubClsid32\ = "{44DAA1C7-DA5A-49D7-B1BD-19BDF1D8955C}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FBA0C6D9-5D91-47D1-AE3D-5DE210BAC704}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{486D3677-9618-4A75-B3C0-66BA495269E1}\ = "IStateChangedEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21D23969-0750-4367-9B20-1E5DA2FD9AAD}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{11744AAC-966B-467F-B10A-CE922FD1910B}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A80FBE1-B887-455B-ABED-ECC89D50258C}\NumMethods\ = "12"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksGP_msi2\DefaultIcon\ = "C:\\ProgramData\\BlueStacks_msi2\\Client\\ProductLogo.ico"	BlueStacksInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacks.Xapk\Shell\ = "open"	BlueStacksInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45B3919B-7254-4DC2-8F44-34C873619EEF}\ = "IGuestOSType"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{197703B8-115A-487E-9EB0-872645CDF5A6}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{985BF91E-525F-4668-BA8A-99E2295878F0}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7C341B-21D3-49ED-B508-759641C79357}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1D9EBB3B-53DD-4FFF-AE65-29C9093ACC31}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{577FCC44-00EC-4ED2-A61D-D65848AA0486}\NumMethods\ = "8"	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC7FDC52-3CD8-4545-B7F4-32090895EAC0}\ProxyStubClsid32\ = "{44DAA1C7-DA5A-49D7-B1BD-19BDF1D8955C}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{457A383D-82E7-437A-9613-8E9E88E67D0C}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21D23969-0750-4367-9B20-1E5DA2FD9AAD}\ = "ICanShowWindowEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D612589-243F-46B4-B521-94CC40875958}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1CF03AD4-D1CB-48EA-8E71-287F187FD696}\NumMethods\ = "13"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{84A20EE8-CA23-4276-BEB5-D3D95221724C}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CLSID	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{538EE6E1-AD38-460C-9F32-CC3ACAC64D94}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BB4B450-1912-4EC2-8929-A2411BC80BBD}\ = "INATNetworkAlterEvent"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49C8D216-62B0-4887-8AEF-5DA0D0987730}\ProxyStubClsid32	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4BEED638-A117-493C-BBAC-E12DE6484AFB}\NumMethods	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A9CCAE6-5842-4300-BC70-6F39E669852D}\NumMethods	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A25B3EF-147A-450A-ADB2-4BE26A406875}\ProxyStubClsid32\ = "{44DAA1C7-DA5A-49D7-B1BD-19BDF1D8955C}"	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC9E618E-681B-461B-92B6-2E6D421CAB99}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E5972E2-F122-448E-AB09-2928E2BB55F0}	HD-ComRegistrar.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7C341B-21D3-49ED-B508-759641C79357}	HD-ComRegistrar.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{486D3677-9618-4A75-B3C0-66BA495269E1}\NumMethods\ = "13"	HD-ComRegistrar.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4524	HD-Agent.exe
1732	HD-Agent.exe
3364	HD-Agent.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
3572	chrome.exe
3572	chrome.exe
2652	BlueStacksInstaller.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
2164	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
4816	HD-ComRegistrar.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
4524	HD-Agent.exe
2796	HD-LogCollector.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
316	HD-Quit.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
3724	Bluestacks.exe
5036	HD-Player.exe
5036	HD-Player.exe
5036	HD-Player.exe
5036	HD-Player.exe
5036	HD-Player.exe
5036	HD-Player.exe
1732	HD-Agent.exe
1316	HD-LogCollector.exe
1280	Bluestacks.exe
1280	Bluestacks.exe
1280	Bluestacks.exe
1280	Bluestacks.exe
1280	Bluestacks.exe

Suspicious behavior: LoadsDriver 16 IoCs

pid	Process
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found
640	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4524	HD-Agent.exe
4524	HD-Agent.exe
4524	HD-Agent.exe
1732	HD-Agent.exe
1732	HD-Agent.exe
1732	HD-Agent.exe
3364	HD-Agent.exe
3364	HD-Agent.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
3628	7zr.exe
3576	HD-GLCheck.exe
4944	HD-GLCheck.exe
2988	HD-GLCheck.exe
2988	HD-GLCheck.exe
4520	HD-GLCheck.exe
4136	HD-GLCheck.exe
4136	HD-GLCheck.exe
4172	HD-GLCheck.exe
3376	HD-GLCheck.exe
2248	7zr.exe
2096	HD-GLCheck.exe
2524	HD-GLCheck.exe
2524	HD-GLCheck.exe
828	HD-GLCheck.exe
3628	7zr.exe
2152	7zr.exe
1460	HD-Player.exe
1460	HD-Player.exe
1460	HD-Player.exe
5036	HD-Player.exe
5036	HD-Player.exe
5036	HD-Player.exe
3724	Bluestacks.exe
1464	HD-Player.exe
1464	HD-Player.exe
1464	HD-Player.exe
2728	Bluestacks.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 4272	4484	chrome.exe	70
PID 4484 wrote to memory of 4272	4484	chrome.exe	70
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 212	4484	chrome.exe	72
PID 4484 wrote to memory of 4924	4484	chrome.exe	73
PID 4484 wrote to memory of 4924	4484	chrome.exe	73
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74
PID 4484 wrote to memory of 1128	4484	chrome.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1zRIY-jdnWDMRyGoy9demAAo1DJPHyPOQ/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff534c9758,0x7fff534c9768,0x7fff534c9778
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3600 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3032 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4552 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4484 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1804,i,18364761095590566532,13250831110770705170,131072 /prefetch:8
  2⤵
  PID:4580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4512

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29462:88:7zEvent24985
1⤵
PID:2460

C:\Users\Admin\Downloads\ADYO x SIRIUS\BlueStacksInstaller.exe
"C:\Users\Admin\Downloads\ADYO x SIRIUS\BlueStacksInstaller.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2652
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c dir "C:\Users\Admin\Downloads\ADYO x SIRIUS\" /s
  2⤵
  PID:1716
- C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe" x "C:\Users\Admin\Downloads\ADYO x SIRIUS\CommonInstallUtils.zip" -o"C:\Users\Admin\Downloads\ADYO x SIRIUS\" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3628
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-ForceGPU.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-ForceGPU.exe" 1
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 1 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3576
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 1 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4944
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 4 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2988
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-CheckCpu.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-CheckCpu.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1780
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 1 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4520
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 4 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4136
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 1 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4172
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe" 4 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3376
- C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe" x "C:\Users\Admin\Downloads\ADYO x SIRIUS\PF.zip" -o"C:\Program Files\BlueStacks_msi2" -aoa
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2248
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\\HD-GLCheck.exe" 2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2096
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\\HD-GLCheck.exe" 3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2524
- C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\\HD-GLCheck.exe" 1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:828
- C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe" x "C:\Users\Admin\Downloads\ADYO x SIRIUS\PD.zip" -o"C:\ProgramData\BlueStacks_msi2" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3628
- C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe
  "C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe" x "C:\Users\Admin\Downloads\ADYO x SIRIUS\CefData.zip" -o"C:\ProgramData\BlueStacks_msi2\CefData" -aoa
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2152
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:3384
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_msi2\HD-Player.exe" enable=yes
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2192
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2861/ User=\"Everyone"
  2⤵
  PID:4568
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2862/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4084
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2863/ User=\"Everyone"
  2⤵
  PID:2928
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2864/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2865/ User=\"Everyone"
  2⤵
  PID:4332
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2866/ User=\"Everyone"
  2⤵
  PID:4100
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2867/ User=\"Everyone"
  2⤵
  PID:2736
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2868/ User=\"Everyone"
  2⤵
  PID:3672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2869/ User=\"Everyone"
  2⤵
  PID:2100
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2870/ User=\"Everyone"
  2⤵
  PID:2844
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2871/ User=\"Everyone"
  2⤵
  PID:4116
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2872/ User=\"Everyone"
  2⤵
  PID:5088
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2873/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4844
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2874/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2492
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2875/ User=\"Everyone"
  2⤵
  PID:3372
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2876/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2788
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2877/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4564
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2878/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2344
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2879/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3540
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2880/ User=\"Everyone"
  2⤵
  PID:1644
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2881/ User=\"Everyone"
  2⤵
  PID:4552
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2882/ User=\"Everyone"
  2⤵
  PID:2984
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2883/ User=\"Everyone"
  2⤵
  PID:1456
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2884/ User=\"Everyone"
  2⤵
  PID:4524
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2885/ User=\"Everyone"
  2⤵
  PID:4448
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2886/ User=\"Everyone"
  2⤵
  PID:1120
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2887/ User=\"Everyone"
  2⤵
  PID:3296
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2888/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2364
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2889/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4424
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2890/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2264
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2891/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5012
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2892/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1300
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2893/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3776
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2894/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4488
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2895/ User=\"Everyone"
  2⤵
  PID:2820
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2896/ User=\"Everyone"
  2⤵
  PID:2764
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2897/ User=\"Everyone"
  2⤵
  PID:3004
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2898/ User=\"Everyone"
  2⤵
  PID:5052
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2899/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:196
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2900/ User=\"Everyone"
  2⤵
  PID:3492
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2901/ User=\"Everyone"
  2⤵
  PID:2500
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2902/ User=\"Everyone"
  2⤵
  PID:876
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2903/ User=\"Everyone"
  2⤵
  PID:2148
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2904/ User=\"Everyone"
  2⤵
  PID:960
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2905/ User=\"Everyone"
  2⤵
  PID:5080
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2906/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2396
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2907/ User=\"Everyone"
  2⤵
  PID:4856
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2908/ User=\"Everyone"
  2⤵
  PID:1640
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2909/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2736
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2910/ User=\"Everyone"
  2⤵
  PID:3384
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2911/ User=\"Everyone"
  2⤵
  PID:3376
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2912/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1212
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2913/ User=\"Everyone"
  2⤵
  PID:1992
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2914/ User=\"Everyone"
  2⤵
  PID:4976
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2915/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4560
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2916/ User=\"Everyone"
  2⤵
  PID:2216
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2917/ User=\"Everyone"
  2⤵
  PID:3244
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2918/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:420
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2919/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:512
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2920/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4860
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2921/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3744
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2922/ User=\"Everyone"
  2⤵
  PID:1660
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2923/ User=\"Everyone"
  2⤵
  PID:3020
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2924/ User=\"Everyone"
  2⤵
  PID:1444
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2925/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1764
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2926/ User=\"Everyone"
  2⤵
  PID:4800
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2927/ User=\"Everyone"
  2⤵
  PID:2576
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2928/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2592
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2929/ User=\"Everyone"
  2⤵
  PID:2312
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2930/ User=\"Everyone"
  2⤵
  PID:2660
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2931/ User=\"Everyone"
  2⤵
  PID:2924
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2932/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3448
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2933/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:932
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2934/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4376
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2935/ User=\"Everyone"
  2⤵
  PID:360
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2936/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2484
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2937/ User=\"Everyone"
  2⤵
  PID:3792
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2938/ User=\"Everyone"
  2⤵
  PID:2796
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2939/ User=\"Everyone"
  2⤵
  PID:5088
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2940/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3372
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2941/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4172
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2942/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1116
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2943/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3884
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2944/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2676
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2945/ User=\"Everyone"
  2⤵
  PID:4336
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2946/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4780
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2947/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4928
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2948/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5084
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2949/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1452
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2950/ User=\"Everyone"
  2⤵
  PID:4232
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2951/ User=\"Everyone"
  2⤵
  PID:356
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2952/ User=\"Everyone"
  2⤵
  PID:4756
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2953/ User=\"Everyone"
  2⤵
  PID:2260
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2954/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4668
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2955/ User=\"Everyone"
  2⤵
  PID:3248
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2956/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4936
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2957/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2564
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2958/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2680
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2959/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:2200
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2960/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5112
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2961/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:4516
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2962/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3476
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2963/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:872
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2964/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3468
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2965/ User=\"Everyone"
  2⤵
  PID:5100
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2966/ User=\"Everyone"
  2⤵
  PID:4520
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2967/ User=\"Everyone"
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:3672
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2968/ User=\"Everyone"
  2⤵
  PID:516
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2969/ User=\"Everyone"
  2⤵
  PID:2788
- C:\Windows\SYSTEM32\netsh.exe
  "netsh.exe" http add urlacl url=http://*:2970/ User=\"Everyone"
  2⤵
  PID:1820
- C:\Program Files\BlueStacks_msi2\HD-ComRegistrar.exe
  "C:\Program Files\BlueStacks_msi2\HD-ComRegistrar.exe" -unreg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Program Files\BlueStacks_msi2\HD-ComRegistrar.exe
  "C:\Program Files\BlueStacks_msi2\HD-ComRegistrar.exe" -reg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files\BlueStacks_msi2\HD-Quit.exe
  "C:\Program Files\BlueStacks_msi2\HD-Quit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:316

C:\Program Files\BlueStacks_msi2\HD-Player.exe
"C:\Program Files\BlueStacks_msi2\HD-Player.exe" Android -h -sysPrep
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1460
- C:\Program Files\BlueStacks_msi2\HD-Agent.exe
  "C:\Program Files\BlueStacks_msi2\HD-Agent.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:4524
- C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe
  "C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe" -boot
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2796

C:\Program Files\BlueStacks_msi2\BstkSVC.exe
"C:\Program Files\BlueStacks_msi2\BstkSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:384

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:3628

C:\Program Files\BlueStacks_msi2\Bluestacks.exe
"C:\Program Files\BlueStacks_msi2\Bluestacks.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3724
- C:\Program Files\BlueStacks_msi2\HD-Player.exe
  "C:\Program Files\BlueStacks_msi2\HD-Player.exe" Android -h
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5036
- - C:\Program Files\BlueStacks_msi2\HD-Agent.exe
    "C:\Program Files\BlueStacks_msi2\HD-Agent.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:1732
- - C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe
    "C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe" -boot
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1316
  - - C:\Windows\SYSTEM32\SystemInfo.exe
      "SystemInfo"
      4⤵
      Gathers system information
      PID:5028
  - - C:\Windows\SYSTEM32\reg.exe
      "reg.exe" EXPORT HKLM\System\CurrentControlSet\services\BlueStacksDrv_msi2 "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_egw345qu.lw2\RegBstkDrv.txt"
      4⤵
      PID:968
  - - C:\Windows\SYSTEM32\nslookup.exe
      "nslookup" www.google.com
      4⤵
      PID:4452
  - - C:\Windows\SYSTEM32\netstat.exe
      "netstat" -aon
      4⤵
      Gathers network information
      PID:5008
  - - C:\Windows\SYSTEM32\net.exe
      "net" statistics workstation
      4⤵
      PID:3460
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 statistics workstation
        5⤵
        
        PID:2664
  - - C:\Windows\SYSTEM32\ipconfig.exe
      "ipconfig" /all
      4⤵
      Gathers network information
      PID:2976
  - - C:\Program Files\BlueStacks_msi2\HD-Player.exe
      "C:\Program Files\BlueStacks_msi2\HD-Player.exe" Android -h
      4⤵
      Executes dropped EXE
      PID:3364
    - - C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe
        
        "C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe" -boot
        5⤵
        Executes dropped EXE
        
        PID:5088
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "connect" "127.0.0.1:5555"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4948
    - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
        
        adb -P 5037 fork-server server --reply-fd 596
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4584
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "-s" "127.0.0.1:5555" "shell" "bugreport"
      4⤵
      Executes dropped EXE
      PID:3516
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" kill-server
      4⤵
      Executes dropped EXE
      PID:3696
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" start-server
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2904
    - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
        
        adb -P 5037 fork-server server --reply-fd 576
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4912
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "connect" "127.0.0.1:5555"
      4⤵
      Executes dropped EXE
      PID:1072
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "-s" "127.0.0.1:5555" "shell" "dumpstate"
      4⤵
      Executes dropped EXE
      PID:1044
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/.config_user.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_egw345qu.lw2\.config_user.db"
      4⤵
      Executes dropped EXE
      PID:4916
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/.config.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_egw345qu.lw2\.config.db"
      4⤵
      Executes dropped EXE
      PID:4280
  - - C:\Program Files\BlueStacks_msi2\HD-Adb.exe
      "C:\Program Files\BlueStacks_msi2\HD-Adb.exe" "-s" "127.0.0.1:5555" "pull" "/data/downloads/config.db" "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_egw345qu.lw2\config.db"
      4⤵
      Executes dropped EXE
      PID:520
  - - C:\Windows\SYSTEM32\reg.exe
      "reg.exe" EXPORT HKLM\Software\BlueStacks_msi2 "C:\Users\Admin\AppData\Local\Temp\Bst_Logs_egw345qu.lw2\RegHKLM.txt"
      4⤵
      PID:5100
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c dir "C:\Program Files\BlueStacks_msi2\" /s
      4⤵
      PID:2952
  - - C:\Windows\SYSTEM32\cmd.exe
      "cmd" /c dir "C:\ProgramData\BlueStacks_msi2\Engine\" /s
      4⤵
      PID:2036
  - - C:\Program Files\BlueStacks_msi2\7zr.exe
      "C:\Program Files\BlueStacks_msi2\7zr.exe" a archive.zip -m0=LZMA:a=2 *
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2684
- C:\Program Files\BlueStacks_msi2\Bluestacks.exe
  "C:\Program Files\BlueStacks_msi2\Bluestacks.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --disable-smooth-scrolling --no-sandbox --service-pipe-token=371AFB9621998286B3FC59030ABE9EF3 --lang=en-US --lang=en-US --log-file="C:\Program Files\BlueStacks_msi2\debug.log" --log-severity=verbose --user-agent="Mozilla/5.0(Windows NT 6.2; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36Bluestacks/4.240.15.5318" --enable-system-flash --ppapi-flash-path="C:\ProgramData\BlueStacks_msi2\CefData\pepflashplayer.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=371AFB9621998286B3FC59030ABE9EF3 --renderer-client-id=2 --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files\BlueStacks_msi2\HD-Quit.exe
  "C:\Program Files\BlueStacks_msi2\HD-Quit.exe" -isFromClient
  2⤵
  - Executes dropped EXE
  PID:600

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2680

C:\Program Files\BlueStacks_msi2\Bluestacks.exe
"C:\Program Files\BlueStacks_msi2\Bluestacks.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728
- C:\Program Files\BlueStacks_msi2\HD-Player.exe
  "C:\Program Files\BlueStacks_msi2\HD-Player.exe" Android -h
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1464
- - C:\Program Files\BlueStacks_msi2\HD-Agent.exe
    "C:\Program Files\BlueStacks_msi2\HD-Agent.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SendNotifyMessage
    PID:3364
- - C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe
    "C:\Program Files\BlueStacks_msi2\HD-LogCollector.exe" -boot
    3⤵
    - Executes dropped EXE
    PID:4408
- C:\Program Files\BlueStacks_msi2\Bluestacks.exe
  "C:\Program Files\BlueStacks_msi2\Bluestacks.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --disable-smooth-scrolling --no-sandbox --service-pipe-token=F8BCAA9501574AB5A1F76D3279F6D55D --lang=en-US --lang=en-US --log-file="C:\Program Files\BlueStacks_msi2\debug.log" --log-severity=verbose --user-agent="Mozilla/5.0(Windows NT 6.2; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36Bluestacks/4.240.15.5318" --enable-system-flash --ppapi-flash-path="C:\ProgramData\BlueStacks_msi2\CefData\pepflashplayer.dll" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=F8BCAA9501574AB5A1F76D3279F6D55D --renderer-client-id=2 --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\BlueStacks_msi2\HD-CheckCpu.exe

Filesize
133KB

MD5
fe2bd5b8dacbb0e6509ab71640979a12

SHA1
1ca2c7713c0dc75e0fb071d068e7f898a5c90085

SHA256
746aef1025c7cdf9eae0d9e55362d0230a8e877f0d6749ae39c53d730287eb36

SHA512
0cd4300a71af6489fa85ee4701d583cb73f1ffc41a850b4245b0c73a892000a754548c91e84c2cde01808c1913f4bfa0e7b2263da7af297163d11e7409d2a832

Download Submit
C:\Program Files\BlueStacks_msi2\ProductLogo.ico

Filesize
97KB

MD5
ad6775528058d790af48c6c70f9c59d6

SHA1
1c3fe260d513915c33a66263f19f4d18f5aedec6

SHA256
63881bfce868fc6dd0e88609d57ce91f149c54923a0dbda127fe108c781d6c12

SHA512
fc178df724cc223bed08883fe9127635e002c9293d6b9d38ccb7872efd9e0bbba8c209e938015a987864b244f7de6c7b2d18a58ae70d7a05634dba4e392d90cc

Download Submit
C:\ProgramData\BlueStacks_msi2\CefData\Cache\Cache\f_000021

Filesize
17KB

MD5
99f76637cb84535d64e1482ce50c85b7

SHA1
546b13fc2481344507eaa24e817dd4f909b67c42

SHA256
20f090eebaa96b6fb75d52c8ea4dd396769205b65c7bf6565478e0ca8fc17eca

SHA512
21c9668e50e361b72c1bc14a8baf48b577ebad59e2bf4c952dd66d772db85977914192391ca03a81ac769be8057c043e4496c4731b80cd8f037d64e802bc5ed0

Download Submit
C:\ProgramData\BlueStacks_msi2\CefData\Cache\Cache\f_000025

Filesize
24KB

MD5
d3a00975f3a753b89114042d8ef080cf

SHA1
8b4ff7b00e7103c07a035ec19ee6e2c93d6c76f3

SHA256
71060a7c537d33c8bcba29320f47adfb25279ba0b642547b496c5dd4fdd71ee7

SHA512
93a3ad00a845280c93a9a9cd3c3eca0688b94096391e16e2c2424aaf695c536c46be54fe581bcb974990f0ab3dbbf00e5b05aaaad570e3cba0c31e5510700967

Download Submit
C:\ProgramData\BlueStacks_msi2\CefData\Cache\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\BlueStacks_msi2\CefData\Cache\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\BlueStacks_msi2\CefData\Cache\Service Worker\ScriptCache\index

Filesize
24B

MD5
4f67aba5cb5b04976834ad6da18d2017

SHA1
18dac358fc07e43fd0288ec307eb028aabf1e4c3

SHA256
4476d281b3d119577eb8f19fd90e042e5a456cba30d0bb16d05654acc91aec5b

SHA512
0eb5e23220d5fe3816decb12ace686a1d87d850b3d403d0c89c8fb409f280e4c622b66ea5d2799ab11c792d050c583398e4a1045d28e9ab7196729e1817572e4

Download Submit
C:\ProgramData\BlueStacks_msi2\CefData\locales\bg.pak.info

Filesize
378KB

MD5
86abbe39a0ffe4e221c459d98a409765

SHA1
7ffa8bea41bb8c7b8f958681ec097556320d5482

SHA256
81aca701fd815152b02b60d814f5df72db4a70f43475b8bc97aa1af5851f4652

SHA512
66b6a6f8e7f7d857a353244d372b684886830e902cf81678dfd2b8977f1007af0596e94d27e27c930309cf12b14cf1f1af0f292e7da305c58a44f9dde0e5aab0

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\MIMClose_hover.png

Filesize
331B

MD5
302018108be18a88b26dc7e81db65bfa

SHA1
6ec1681c8c791fce888672ad5d89ca46aeac5b17

SHA256
96a937b8fb796a833c3634f71afdc0f8e25022896bce13f678dae7a2d0b3b20e

SHA512
871696a0258c64c9cd811884cb3a0da02ccf9dec2ddf5eb98471d56b28e9ac9a88da04cff378962657dd1c2941740558afabe13e1ab79065d2785846297ee792

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\State_canvas_active.png

Filesize
4KB

MD5
f2737f2d7642219398a511e00f2823a8

SHA1
890feadb31915381fe8c959011a4fad8842e0bbf

SHA256
d9e4c1b2d4d0fda42ca2eca37351a84ad5dc4e22e405644c5e8865b96db43ad0

SHA512
6710261ad2b704de2fe9fcd0a2a569639b180dbd90a7838c40d5d9f1b94adf114f98ccadcc80841a16dcd3b3412bef7e353111c5a1ca20df38c8a03ed87c52ef

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\bgpcheckbox_hover.png

Filesize
180B

MD5
da9896a257d829d1700ea85ac668fb76

SHA1
0b58fafbd9071f6134570ed4b873482be7b35dc8

SHA256
4909702aa591024e6031d69b4579b3c07bcdaf8581a9aac80e7c94b8f1f8740e

SHA512
b3388ef123aa89871524ac33546e9aa271ebb6cae14e0129ad37801a473c84750acbe0469ec5c774ec9eb2b332bb4f139901404a88492918dcbd0c0ff21b7294

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\check_box_checked.png

Filesize
489B

MD5
2756bb78e807512b0fade5f2f5f7bb93

SHA1
1ff7ed6d72bddf5dc51fc62853ecb7577f3bb811

SHA256
a2d415f647a726c77e03e71b1fc4d6fb7967940a7439033c5f692910c117bd99

SHA512
ce3d1696ea1cf77277b711fe8f5f663b997457e5a04b25621a91bec87bf9fc03b7ba19cc51f74546628fdd4165f6292e88af5e449de16d41a9c1597bfd1f7883

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\close_hover.png

Filesize
342B

MD5
84c766fb8bad3e583ab4ebc397089de6

SHA1
2a4c4377a648fb8f371f15627f6894ca34f5f668

SHA256
a7f6064ebd4c8bcd3771881df5f443e17bf0cd8a0b08a9ca8e5d64f4be2831c0

SHA512
1d1d042760cb435ae17f6614ec876dbc946a36c553f8072501283f634ae12ee582b4cefacbe51b26e9f41fb4a37d8e942e381b8a073537fae47782e256525419

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\collapse_hover.png

Filesize
362B

MD5
68c072e8aabe82847a71e16e67f385c7

SHA1
807cbda180a12fe8bca35121f0de5caa0f3478c5

SHA256
b03e51a5c7efd136df2abb5d3951cbd6b23d94fffc49c6b874d26d92b33bda3f

SHA512
c28b324636524b2759b60224cd47f8048cc0d34b5b0419154e13c328121209d2ff249b2f5f9a5c3a8259a90f814758a2e6923ad3a5382af91b2c993b2f46e71d

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\delete_icon.png

Filesize
275B

MD5
0d0ab833c29ce3149387dcc6414662dc

SHA1
a7a5b497f001d319cdd33f1a911fd2ce9d377179

SHA256
3316e65b24ece0d5dd3fd6a4e30dd0401a9f869578b5eccc9887f13ff36ef46f

SHA512
3d683a8142ab87601d065725622887afd847d971dd48cc3777b1a0eebfb322b403c651ab2acfa638a4ddc92a79369fedba3e43095cfd8056d98cf0014d5bfd8d

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\download_hover.png

Filesize
306B

MD5
53c413698f18bdc65f6af11491a1fb8f

SHA1
8414a8c9b5ba49fad94e90fc1e152886ddf443a6

SHA256
ad76cbcf798106bf6fbb16a680d0bf5b179ae43baf178fd175d4cd4388ca0507

SHA512
2cb1a6719a86314cb40704d339f9b9345450b6328a0fda37a37a2b366e6e5236b0b3e43f66fdae96d71860583261385363ea9b047f433b5bea9903d607a3d223

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\duplicate_hover.png

Filesize
210B

MD5
e4bf203404d56f41c4c9a2cbdc9dd572

SHA1
a994fd011383accc2d4b1b807fd4edbc40749ce7

SHA256
47294bc512208f3b5cd3b760d1058ffa05e05b296acf2cdfa6ac0309ef760d4e

SHA512
6b8c6a918008f93395dc225c5757d4436b0dcc2d51a13589c0946b8cb15f5175ffc0525d9f2409181f116a6f00756fab12ef59def2c67b61b60995e8cdcc710a

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\expand_hover.png

Filesize
408B

MD5
9a792a44d59738e73eb43cb8090da07a

SHA1
8e52d33293856d25ef412cd151b646f8dd4c3adb

SHA256
13c1f6191a0dc09ae3d664d6db525ad2b5c2fbe908b9ac6893fd4ec8a6d47ce7

SHA512
85bd62ba7044e438f678cb1a2d81e1d622c27e89a16a1c5bb90a5c51884b524bf1004245d6398178e375ea9d4db946f7de158b1ebcf6811a8d9989121bfb11c7

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\macro_delete_hover.png

Filesize
299B

MD5
98848f4b7258d75abc424fb29261ba84

SHA1
64acac3e6fc4e8629629a327c92c43b85eec5d4a

SHA256
689176cebe0a02c9df4ef2edcaed01507a5f76c7fc575d04edcce5a9d0076375

SHA512
d82d054bf13ebef0569dd13f7afda68ef1c02231c823e24f2af55f8f46d375d9702eb5598a59a4db5f0df03d30a7116a1f1f6768e880858ca6340c543fb43cfd

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\minimize_progress_hover.png

Filesize
157B

MD5
76ea5ac83bdf08c3f0e42c697514341b

SHA1
d7a30f4a2662336c08800d008f2caf29fdc45019

SHA256
f5774ac17109aeb122b906da464652a802a7250edda7284c92376e0aef107853

SHA512
4bdbe8043f089ddedb7afaaf474cf7dda7506dfa82bc724c7a1ffe975697463fb627c1fcd64540fdd112ddab79ce880060b2fffc87657e5bd8c81bdd46c9d294

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\new_hover.png

Filesize
179B

MD5
c89c269c090b2d858345004d478bc134

SHA1
f03b43e106e7e6161fde9f4dc45a000d064056de

SHA256
585370f2951b26259a116ef1ef9db46f54813e2a391d90c57205a73f4e9c7494

SHA512
3c33dad17640024e641900c3cbfb8e18174acfebc0973102fc50f5278d354b8b58ec407c5b4c670c7c15ec54d782346c64c95527f65c17ac746b53591365499f

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\play_title_bar.png

Filesize
344B

MD5
f9b74718c3a6315cf0f6e54f8898e79b

SHA1
b63401ba5cf0489c0101e6f73025b027aa318e73

SHA256
33a5586e5701dc3a32e50dc2b3ab2a0c8175d53b029ae762f33b66f4189650e8

SHA512
1a56a144f050236c72e40218e025f8c1bf3d267d0b3b5be65b3e7c5c1ce51517b07e5279eebe21234a3c9bf0bc54f30b6a701e97fc3b2e61eebaf1be0284e120

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\radio_selected_hover.png

Filesize
806B

MD5
de5e0e02b6267bb8775ef61b64b0c221

SHA1
a9ceb537523f5dfdee5a4936c57e6903b7a9db5d

SHA256
2394e1f0069a80514e1d2c277cf80be2a78e6ce2bca6f27bd2cf3f1741a93af3

SHA512
adf80907883a5eec331b41082b2538524373888b08805fbca9b1ca06aa423d4e46c41296185108121f7424009238c76eb7083e2095224fff32072cf2a7a83010

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\radio_unselected_hover.png

Filesize
497B

MD5
270ab3e3da53a6b6747c912a473e0519

SHA1
03bda0adb4f0b6c092205becfd35828485ea806a

SHA256
960e44d9ce1f5365f86bd21fe20c0a4d953af89851a361183711ca3f6a3cf4c3

SHA512
362082445d96511bfb3a97fcdc070a515deb70ba8292ccad127908805e6b51addcb21d1ea694fbe009e287439f177d5889cdc984fc9c69ec9c6bff594a105726

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\sidebar_controls_hover.png

Filesize
363KB

MD5
1757db243e9fc496689cae64cae8eab1

SHA1
4dc0c8baf7bc8aaa5d88036d2599e0c83e83db03

SHA256
7db95f41ab0a27aa67a699f98ac77eea281644d2ef2578d43db63cc10bd263c1

SHA512
438d37161c49a4c27ec465b47a0854caf5c534e332702b714c0e30d523d9e53b0b5edf6ac780267fa73e1408d5b41a323bb92d064dfeac12c3c255eb9a823cab

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\sidebar_farmmode_inactive_hover.png

Filesize
1KB

MD5
ecabfbfd2bdac1ae8a19fad42eb999e3

SHA1
c07a039463233217ad7a7fd087b062d378f5d836

SHA256
b6d26d81aaf01f6d4ced40d6dda059a521f4e0b2fd033db3d4b6dd361dc826f2

SHA512
3e07c0508eda7747896439ab7ff27f2def3157d3a310e2b1b35b32f7c01bfe08d1f5bf99f9eed635cad0790e72e83564b993b9a729a852a05591ed655c357206

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\sidebar_installapk_hover.png

Filesize
131KB

MD5
02d57cfbad52fba8d68dcf601b49cd9d

SHA1
a337f42f0a03c1095dc32cb19243660bd48fae56

SHA256
2e126a84d2579246b58c1b59035c2a83b4bf95ea707c8803d4fd1487d724b27c

SHA512
189388819779a1e8c259a1a0777434abd9ecba0e4963f301e646dca7b1c8ef650ad5eeb6563ab336226a930e87f323e6083328ff23e26aae21bf34d285985ab2

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\sidebar_settings_hover.png

Filesize
551KB

MD5
e07d8d63d25cb2ed95524a3194ff242b

SHA1
fc4d27cb049015356b197abb696f92bea3a6c88e

SHA256
7950413ac7a811f80f3e3e41027dfeeb7d072d38beb330f8b9004c70ebdf77ce

SHA512
7913c77dfd3c9f94087fa4877c141425662e0ce9ecd5c984ba97605bd0306e225e3a68741f2d20d69095f3059f458e62b4ce5c89e0168fc6a802726512bfb24e

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\sidebar_volume_hover.png

Filesize
43KB

MD5
d786eac18c58ab85528a8f1ffcbc3946

SHA1
4a1988ee2cf44969b509cffb1971f210b9d78567

SHA256
61febc86a6e72dc756306e123b4fd354e5f51fd570ee22493cb27017d23cde95

SHA512
cad0cec2b4ecf070ab9cb76b8113e15b5699758723fbac486596ec2418d0a45e069ec90bd8c8860abb4e0957a1018e1d5c0dcb4733996037c9fc0c4763bf9518

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\stop_icon.png

Filesize
220B

MD5
0c6f54f7c6d5f8beed5ccc243753e033

SHA1
9ba4fe96f1970a2a75a2d72bdb04ea1c247e922d

SHA256
cb4e1e424cc4d8c498e21e84fb0ec6a67050dd8d04f90bf744e447fab53671c1

SHA512
f17d89bba51ae26fe03a18007ba1a62b4558a6a28656dc9a1ea13fef8972b2a8298ff1e806c16136ea6bdeffeb571d86f662824d9c7c314ee2cda2219b1e65a5

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\stop_recording_hover.png

Filesize
207B

MD5
7acaf9ec58fce4ebae439bc2a9c4f2cb

SHA1
187e0210657a5ad2c3b3c4ce3d18be0cd2116beb

SHA256
217e38f1d7be90c6eec43e2ea32d4d4022a09aa6e4f488e2d62c1e9aeeb15ff6

SHA512
451af92c4af44a26da133d33f3f991bcf5d4d765dfd9a3b229ab5180be380aa7a72cc543f5514e567a61df7910606e365a80b7b4cf96fb3ca43e1203c1fd7ca2

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\suggested_icon_border_hover.png

Filesize
2KB

MD5
c0220fe8de167d5ed194508305051aa3

SHA1
e0da276affd90c1c8ada0ab3a77ee7510f41b9a8

SHA256
30672ccefed0369381ef3044e9e509515e95e336a1eddbcd8df41e6df1e75c1c

SHA512
504fcba3172b59217ba72d436c2a9acc280f9f983b3c6025d02fb7d6822e14f7b4f51968450eac8a55c7ae7aba4cca32d328883f3a40278d54b9227b41d4ff40

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\sync_titlebar_icon.png

Filesize
660B

MD5
638c1fc1f529ea4089b1513144c867cc

SHA1
c5c6403c8d1d5c893a02348454cb99f0f8a289dc

SHA256
d99b6a78c54830aec69663dcfe903e02c60c4b50c8ec073bc134adef2cc44ced

SHA512
b024c776f64cca4d8d30d222305679ca7bfc3d2798fc656570798b209a6306b910d8c595d90ac3fe31278754087a41db00dbf719f587a222fee5f5c8e2bd67db

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\toggle_off.png

Filesize
1KB

MD5
08fe1c359d8d9861efb3292a81f96595

SHA1
9dfff86473176c360f7660cadefe0b4964cc9842

SHA256
c4bf2f3582e1356921d64acf96b224fd1d6fef71a441faae45eb19622261b4f6

SHA512
3d7903e14dcf92e1a8914fbcda678cb57c8fa27f69e22211c38256d79896f981c9322ae5c9a39f9235d484eaee463d2f1bcda92cc7c96a7e78257ca55931bcc3

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\toggle_on.png

Filesize
927B

MD5
0b343f638c7f0ce97826c59b1e9882e3

SHA1
ec711b1416c1f1cfba7429d2e660a9fc905b32e4

SHA256
5b877fe59a58ecddc596912644455769d2ad62323fcd05ec417f9f8830a8198e

SHA512
caa8ebc834e75e69864885b0d4bbd923fa065055a3236babc1041b1305bda676c342f25b51ad8208605c93f3d5a60bc53958262b4f887617239485ab4e66a678

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\ProgramData\BlueStacks_msi2\Client\Assets\volume_switch_on_max.png

Filesize
1KB

MD5
2b1e8ec7f0f9bc350c03328425275ab3

SHA1
fff6cb1ee152903a6ca221582046e3db36ae7c9f

SHA256
f506d22ff694a36a1565100c7badddb693ad26f00c1882f1d9044a422a878530

SHA512
e9766271c0ad079f8e37f9281e4f9abd4ea27e61f2bc8b6c4f002873e36281561fcbe7ba97e08a2916ea20174fab7145d8d5cfa7568d0aa4719358bb897bf2fd

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\Gadget\req_trans.json.tmp

Filesize
800KB

MD5
465cf9d5b191d3276a7e185cff083ffe

SHA1
deb94dbea277d4463ed2a12141cecd8443a710c9

SHA256
925106ecb6570276f61182cc95bc1875b1012e5cc5ea4cb211de5968b966f33d

SHA512
bb983e6c828008ea4c1c26d89845aa036ec9093fd57d10ceedd406e6246ec8b11afed18a8c0d14161a0ddb67f5285141b52c054b1075008a1e29081400518a06

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\Gadget\requirements.json.tmp

Filesize
4.1MB

MD5
5f8e8a4f3af2846e7ed9738d519358a8

SHA1
0bba3e1f6d4eb7095416078bf6e810161a1cfa00

SHA256
a6bd8d7a7428408f3f711464e4ddf2086038c65fea9c5c738ff343c54f59ad78

SHA512
87d83419fde3ee26d56a97c0499707ba133a1b9d2ff7ee5aba539c398d4005fc1a7ed78065ea3e6a13195b89961e3746c94656f360c42cd79f91a998feae9fbb

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.activision.callofduty.shooter_mac17.cfg

Filesize
149KB

MD5
8e1cd90f17d34ceffe4b0b4941237bfd

SHA1
71f69bc6e738cd4bc6ec41e87cc3ffd62da07be8

SHA256
6bb105757981bbacfa4531cd6b90c2900179b62c97efb454b542a8e056e9de04

SHA512
266942a4798d5fea8c3d0205526b6cd82ba65c7e7debe86fd10708709b8dbaf375c052a9cc8c684c132992c08bb2b613a91748510fe6cf81b64e25dff885220e

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.diandian.legendofhonoursea.cfg

Filesize
9KB

MD5
0365cd98317714840d151f56faf1045e

SHA1
8b2155ffa97a4c6c04b46837a18bb4b316bbe101

SHA256
56458df258a83b9fd44d516b9d5a89c841c76177eec4f5605b1862cba4265314

SHA512
4ef9db16541550c35fcfae53f591c36e7c601420f70185d1d23aa5e6460391d7df88197ff684b4ca593fb6cfed24cb5a9ad8faef5eb53963b9fb95dc9ce37a98

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.ea.gp.simsmobile.cfg

Filesize
2KB

MD5
390c619d4e0d624360c253556d9b10a9

SHA1
da0d73147fe03f7618785115520318663f25ef93

SHA256
6aad8ed62ca50c98bd95f67dbe20f1797f9a3a6f70e2c3c85d01723cd1a10da4

SHA512
5c84dd8610a901a2c45e026ebc3457368ce279d647123f8cb986090f168306958e2e56f51fa6f1e89678c9b6e07c52a4f2113a101eb578e288d73d099a69e3fc

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.garena.game.ftmsm.cfg

Filesize
7KB

MD5
738b4082304f93b87aeef77a045ef51e

SHA1
9052ad479d787619a95dde32e9821a73572dfe37

SHA256
70943439421a48a99ea59e3dbb0a83979487aa75f0beb121d3e2039b434a66e3

SHA512
8425a1af8b4af899df9c09b0e472f3d56ad5de2f30d97eaad9ffeac346b2d9fccfa532ac0d39db6eaa614db8253827058a40a647cb00bfa3414e04b33cea6fd9

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.garena.game.kgtw.cfg

Filesize
32KB

MD5
91f47bf05da9e03f616e7164988019bb

SHA1
81ccbb739123f4a0984d8968989036efe27e1739

SHA256
7a8bd825781732091842b27685ae6b68f954535ed9732c8c8624b1245edc24e3

SHA512
2a9894d90c5a13bf58d0189c0f0b5470a9ebc6d2108e0fbc5adcf1b79fda557f40f23ff43ea0bf4380a6dcc538018082cf5fd05fc2e62c64eeefdd813dbe81c3

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.gotgl.kr.cfg

Filesize
13KB

MD5
f654f7ffae08df01df13ca5a4414eda1

SHA1
f547a0d7c38c20304dc49f56972d042f86b0cfb4

SHA256
369f05b655da2ec8996a1556952b7b2ae0a5fbea8b8d47918a421dffc38a899e

SHA512
1f2e2d17b4857d0475b3d46c7d8cc57cbd84134eb86b1df07bcdd4e327dfef2d7643b833aadc5d4693fdb68e9373b3b9feac1e4b5b7c7d951a9f2e81239550a2

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.heroesofchaos.ggplay.koramgame.ru.cfg

Filesize
5KB

MD5
9be971cd126fc550b8d7b38364ea534d

SHA1
7acd277f59621cf84ff63097974d9c6a512b010e

SHA256
95083501e00735ee46c9b064637d3580bc72847bc23784bf1132c4a919756ec0

SHA512
411a1fef513a06b7c087496d1cb41b6f1a91760bc01d5527bcbe73676afe74fda370bdc24934893166ce8a38ef8caa88ef955b45492f9abd6c230a9ad7d7cd0c

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.igg.castleclash_fr.cfg

Filesize
2KB

MD5
9346c5858c1e1ce56cd918e9cc2831aa

SHA1
ecaa89358e7f8a8f21ab7bbe2cfeaffff564346b

SHA256
d417b9c7b8f304665c97f89a6a87f7a4624c9a3068ccc64065fdbeb7598d2ab8

SHA512
3e83f64522c5ea2ffde8de5a93fc9b0083bf69c99d39fee6020edf7b0939647566903ceb82fb33a665e25f7d40b1434b100cf876a3248baa82d55e2b8aba8d13

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.igg.castleclash_pt.cfg

Filesize
2KB

MD5
55597330ce6c2225b7cc1294158dc3ce

SHA1
f308a5ada00e3d62e713e1b872663842fa97e6f6

SHA256
a024e38ee01bd842a02a26b515c0f7f0a0495ffeddb8eba5b150a2e9e28f5917

SHA512
f903ad3d6b26536aba872397b554960913bc71432c46fd1814dd4c9f8d1a4602e50f02f096ef00b49fde0487a6cad6370e97f842adfa055f12d626e26723db2d

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.kingsgroup.ss.kr.cfg

Filesize
21KB

MD5
da38cbdbcdafa0901ea875c165463874

SHA1
dfa80acd254ae091974c79ec8bb810496b8b689b

SHA256
0aa489eee06badf6fe9d4534e5b7b64a5143f545a239e6cf2c2f47c23fe01af3

SHA512
38b8306b58bbd139c9e1247ed0a1f4f6214f045a9cb9e90d34aa0f67f20ca4d883689304658c9fbfad39cb9a936d78afb905b5fcc66b4011f54eb21eb7c4d53c

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.kingsgroup.ss.tw_250.cfg

Filesize
20KB

MD5
9d3a0b45861aa60e8405b5f16a96a36c

SHA1
6fe692680defa1bb559da4388474b7f72b13ba82

SHA256
a9b951b628aeb5f38ce5a602e7cb62c3afe63d537b7851167d6bb40bef7e30fa

SHA512
13c78fa0aee97bffb9ea739ea40ac8de1ee43d6393ca4306a0727742e86716d095f4bc417625fd322f0b9a27c09d3d7393a568e5e49d32e4070c271b5f0ea1d1

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.lilithgame.hgame.gp.kr.cfg

Filesize
13KB

MD5
3933efda00c6f527523c1af1ef898bc6

SHA1
f3091bc3304832fcc66ef57aa2378c0449fad87f

SHA256
866116a61f91b3043b4269220d9691bad14172be402370d99851f1c92f25917b

SHA512
b7abb84ddfacd8d5ae78dede2f297ca7f824b59d9a8f1b0127c4398af5c6171a002eeb5b55fe4a2476c7260e54bbab2cb47016a9771d2b380bf1397ca3dcbf7a

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.lilithgames.rok.gp.jp.cfg

Filesize
17KB

MD5
defdd1db24cf07646e2683679da30a73

SHA1
e13525247adea8979ae0b97d74415b1a2a12fdbd

SHA256
4d38875de42daaaf9f42719a2cce7116a448843954a36d665834b26fc07103c8

SHA512
7629236618faa614969f5adc87c30217fb26e8d463b377c75d3c06dd9c4a836df3b22e632d2fdd1a857a5b8273b841b8507535785a15b968828eef261d53f66c

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.lilithgames.rok.gp.jp_260.cfg

Filesize
19KB

MD5
1c77c30be398b6db87ce872b029c520f

SHA1
24bfcf81431d0983a6968d39c9f48d56e2d992b1

SHA256
7dfce60e9dbd3086442b84484b7b2832865a3f4ba82bee6a001a688d0c96573a

SHA512
89545bdf5b6369f2dd83ee1605d5c7d5a4aa25fbd5ddf5face0513764b75a75d3f9883b2cfb549ae20af35ef6867f2c7d38ed1da7f646a20b1c68b7c81316be9

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_220.cfg

Filesize
16KB

MD5
57fb5e8f84b056f90dd51d515b1a7a31

SHA1
3d56dc63e0bd0dd791ddf7196414774ec7ee4cfd

SHA256
8a6f69fab3e97c8a83d9723ed2298c383ff34aa2f2367f82c97d7cfac4f242cb

SHA512
ad1bafe66b569aba38e551316a60f043a1087dbd4de06e58471337e958c22c6f1b1ce19318f917162b6b4bd67f41f48f4415bf84741488cb93c71246e29e3f31

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_230.cfg

Filesize
17KB

MD5
5673f49b223fcea9ac40f2ed8435dfe5

SHA1
584e8bbc013c26227fb9d72436a55c14d1dcd668

SHA256
46172f6acba1ace855c1b959335827ba043a376db3dacbb75cd90d0755805c73

SHA512
71fc348dc5d0415f90400c0bbe0833cb74d884201ad851cb73e9ebee57082ac678bf6bdd3a2bad6e40512ee8511a1b45712bac4c23bbb6e441ce01456fc8608b

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.lilithgames.rok.gpkr_250.cfg

Filesize
17KB

MD5
e807d0b95e398035ee798ee43a3fdcc4

SHA1
4d2a8164f88627c38644f056f0ddd50bee38f783

SHA256
de3260c15872345e89396732d8398fa5518515a591f010fdd98156e4d70a0ca2

SHA512
a10883899218e709eb42a750f999b0187e77062d256cb43866395a1681159e0091959067efbc52213cf6dc88415bbcd30e8bf2f09a0cdb895d1772b1e53afd12

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.miHoYo.bh3oversea.cfg

Filesize
12KB

MD5
e1a4e8cd5b081f411097068597fe1a6e

SHA1
79fbac2a17b8f4f27ad10a244d828c773c6db374

SHA256
850148e496165813cca1c3ec4f3a692772699211b2f03651ddce451dbc0add6a

SHA512
1af346b63cec10ccd76f6eae3913a82d062247fb6268fe6ba37a3dacfe2fd58e98c48d6066665906f8263821e85cdd76c51e46879effdee25ec05c6fb8291833

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.ncsoft.lineage2mtw.cfg

Filesize
26KB

MD5
7db338c30338a59e665024be54859820

SHA1
d2895fcdb1e212aedbb7314abc174fe248bce8df

SHA256
85c5ee22d6b25600e7bfc7084cd7b40ecf4cf2a89ff06e301007d675db65e3cb

SHA512
e7f17278056cadb39fbe7a22c00007b5743287a923e2f1cb4df9dae421d5f9accf61a3de3e437ef20cc635701338e56f4a3ebdc4aef32ca3330ec492abd343b5

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.netease.tjtw.cfg

Filesize
7KB

MD5
5a6b95ed93d4edfe2230f7ae2a3f5bc6

SHA1
e45c743b42e136fd04035b9f7a3a138971f35258

SHA256
1b4e159aefa24393be8f70c9ddd5e32edf18c3e74d1af918952c74b553d635ed

SHA512
c80f12b4ad735fababdfa070fea43c10bf83fe05cdf08588191bf3657e673fad3cc0c7578aed0516a273f49f6e6f1a6607874cd67004437938b9656720e7eb86

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.nexon.v4krteen.cfg

Filesize
17KB

MD5
97fad2699aab9a2f2c26bce53d6cbbfb

SHA1
4448e1c12df1a4dc905bac09f6b440df8f6e9efb

SHA256
a86f403ff56b8ff3f3593be3504090b18b475b6a33eedb9c8d117c40a0d8710f

SHA512
8a57bc6490bb269ecfb5e89cac6d95086dd5e69fd1eeef0a828c67af26c9a61f6cec17219526612c089f3169be94573b681988b725531ab6a94ab767f91b1b71

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.onepunchman.google.kr.cfg

Filesize
7KB

MD5
7d91e11b9dffa13861817265c0c2930f

SHA1
fe317264cd72ff64baf467c16b6f978594c4d10f

SHA256
a2e2ffab0e8e8bcc84116d9ba3a1ee65cc01f5426c45d0878783b50fda85f593

SHA512
5a76bfea3103f3e0eaea42619f304946695adeb4a775a77678bd456a175050feb817fbc0dc902ef6bc4623a551f85dcb3aa54146b44cd2e4bb20b374316aed7a

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.pwrd.pwmru.cfg

Filesize
16KB

MD5
1920200604b372fd4fd594f94a7ae849

SHA1
0ea4fc70c3ccc88a17ec1415daf9bd7637d5eedd

SHA256
586d48fdce171aa9ca55aa3b261d4bf4bc6b6d66a22d6d3e06dbca363c2d47f6

SHA512
457e925b961d4fb9b124c7aefeaf5e1d5243ae55e548524a9351ab42581351936aa9c45c90c7ac8572b70274a122fa2c72fff40861092815d70cd9d6745afae2

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.riotgames.league.wildrift_250.cfg

Filesize
198KB

MD5
2ee5ebe7df1778a1814d0439858af868

SHA1
f0d1bec8bf4cc11d4bc60e750e5427c61e67fcb9

SHA256
4b3fb7c75b83a0c654301c61c974896d961e92814487c22766b55a4325b7a812

SHA512
53c9249e69a8d47e84efe464c442374decabfad534df715ed551757cd1fcbedef132f7bb30fa04eb04398b2ee2d8974f35a9eaf52c5d64a616b23ef410138417

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.square_enix.android_googleplay.RANBUjp.cfg

Filesize
6KB

MD5
692000a78407f623245bfb4eb1e634d4

SHA1
a453a8ca8c781ea90f3c48c39aaf0a3532e6a064

SHA256
bb7d621e7f0b4ea3813ed22290665cc4c41e567f3262c31af8f06ce62282d7e7

SHA512
c95ee767abfc67cf2ed4110f42022c9a93fc0340dbc8a36d00c14369c5148dcc55a000aa58b44dd1ea65f52fae8b8343fca209248701d9d1dc3f8e97b0b8d4fa

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.tencent.ig_14460_210.cfg

Filesize
226KB

MD5
f81e2636923dc0047eed15ec7df3169b

SHA1
169678848b348d23c0f1fdb48f38afdcf22b13c2

SHA256
54800071843d824c6a7828da79bb15bcd22ee64c568c78452e372e6869348a9d

SHA512
a9ad59ddfb40ae7a46b90521d9bd405ead1570a102dff80e8b9dcbb8bca0d800c3c2ec9ddc1fa1d3b3790597c39a3dc1e86eacced2456213a726dc15512cfc03

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.tencent.ig_14680_210.cfg

Filesize
232KB

MD5
ed85cfa631742843d9ae5fff3e450e36

SHA1
98d11342907434eae8061593da42a0f1707828b7

SHA256
4012c37b04701aaaf69678470729e525c171ef408c2e9e13f7023b6abc1a4171

SHA512
692259ff3d90615aa447abc2ce682a5f45601baff37ed7601c067e0986a2bd581b40a7f90c818ff64d052f830655d56886feb497c206af86034a1468e59c8d89

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.tencent.ig_210.cfg

Filesize
210KB

MD5
84602f3f691e0d94dce6fb9bf358660c

SHA1
2c86b18e59b2fddb7d7d87eb370ac5dedd776721

SHA256
49764b4d3ee8f00fa334450146a5ada50c564750fac3f9bdd0808594355c2495

SHA512
817c77d1f14d5fd82427f99184da5b025b8b3d154dd1b4178cdfba9646866084deeb0ef606973790d288cb975f273dd2db3c6d485e73e04a5e685c20f5eca8ff

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.tencent.tmgp.kr.codm_240.cfg

Filesize
179KB

MD5
9fc1e6272d596e13a5f8c38bb3386756

SHA1
cef8a8d3a49aa68aa8045e43ae6390c7c344e969

SHA256
c08ab9122c421f1dbe54bcb9a2750ebbc3f430e6c3dcd7f79862c2fd8df3cfcf

SHA512
02436e600098efc1439a77bbf752639bb234d858e6af3126ad5a33697dd33057988957bb7f25273e175ad907abc74853563a2e9a3d83b2533a45f6ffc44f992b

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.tencent.tmgp.ssksea.cfg

Filesize
11KB

MD5
6b158d56f8714987a8fcacc66f184d75

SHA1
4f9f0fadd1590978edd81b71748d62dc0745e253

SHA256
a0497961c46426106d8f027c7576029b018c6efc58effbc40866e56952a56be4

SHA512
e0f73a1481d19ab0c104a3408ef766ce66786d77c84eede4eb0d6b512fec3989156d2c5ccba2585a5f9228251e32f2f1e7892e29d8e10cc41da7bd9653357460

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.tinyco.familyguy.cfg

Filesize
2KB

MD5
4d35806934f0d246822e3efdb2cbb49d

SHA1
580b93f0c59fed4c166793d0f9166b26c9e31e12

SHA256
9e07436abb891b22fe6b05bed5f072eb540603111a29fa548df40ee40378fb5c

SHA512
7054d8729cb340de6bb212e573c13f12531fbe9f6e776841af3d7b36b7fb7c342fe953ef815918c9aa9b07bac614b688bd1d9e87a937026e0e56f60d44df8007

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.ulugame.with2TW.google.cfg

Filesize
15KB

MD5
4afb6e43931673c4b26eed7dfa120772

SHA1
5a1975a46f85d6ae3cbb722a2dab92ca33c7d03a

SHA256
1532d32f3bf31c8478c96d037d63469372c91ad418b566e174ca58297ac07bb8

SHA512
985dcfe90997ba8f6655036659280fc86102b3f36b3b2cb8f8eb3d1406737cf8fbad8c9501453d9e497453f540ea1cb9cd9d544a588fc0c0cd9bf9d5c3b20b3e

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.vng.snkallstarTH.cfg

Filesize
13KB

MD5
098616c87ae5ea3e240d7a4cfda1f99e

SHA1
eca8515180917c65906b7c8b3c4915b9cb0fd60f

SHA256
b0f2f07a118d3602bdb91fa5df065afd850429e6b2c4e5443da71d61544dd2ad

SHA512
a5bb13c9ba510f29115d7e9a0fc4f77fd4599fd257b6120ac9785afd896933dc48ac9399a5a1c8f664db24d664dc28c43831832a9dce8b3125a3010b5496bc3f

Download Submit
C:\ProgramData\BlueStacks_msi2\Engine\UserData\InputMapper\com.xlegend.aurakingdom2.jp.cfg

Filesize
10KB

MD5
8bc4f726298c29f4486ea829f5360bd9

SHA1
829ed57dac229c64287a42fc9720ebccb76a8672

SHA256
90600a509b9e128784a35b20f2fec1e40b934e849e8798a4ec528b89016eb6df

SHA512
be471dc31916d1842acdedbc47689786d3e4ea85ce50d3588b22563bb415468bb58d0f6dd2d5c56f5e1d6a5efcaa3f9afacfe496fc76e704a6099292b3054921

Download Submit
C:\ProgramData\BlueStacks_msi2\Locales\ProblemCategories\ReportProblemCategories.Json

Filesize
4KB

MD5
9e1141a44519e9359739464310857bf8

SHA1
abb797ee7b512c77741978330292287d9c0d92e4

SHA256
42d8b6964164aa0e53cd0d5b7c59541bfca32b04f54b3a3cb07d9080eb60bf0f

SHA512
caced755aee6096103a067648ab069d517769bf4e89634cb0c96f00d264af786dc1e236f09652cb161c62c48df5fc30504025d0dddde709a05c87497dbc0daa2

Download Submit
C:\ProgramData\BlueStacks_msi2\Logs\BlueStacksUsers.log

Filesize
518KB

MD5
25b026ccda32c92c19e7161b97b16b78

SHA1
4e93766d96dc86c310fc3cfefec3dd637159a59a

SHA256
b5ccf19d69e11373bfc4e4b54c12c73fcfb3e0817789ac02454a2c57287af47a

SHA512
4cf88022a20682b28f9d2ff5c0ad1806b3abddb8dc1a84ddc84371920e83258bd2a73ef65aca4badb90f375b2e93bdc549995db9dc6357049dccf71cbe6278d8

Download Submit
C:\ProgramData\BlueStacks_msi2\Logs\Installer_4.240.15.5318.log

Filesize
116KB

MD5
603a513324da0083a4b3c9481bd0f4c6

SHA1
9490ff833c4142cc7b4983a8ffefc4dfed49af4c

SHA256
f224734e6d220dd36812d9b70859215c6948bf5012cd15d6daa791554326aaf6

SHA512
e7741eb4989c226ed9976ed55a3ef1c26787f37c4e7097649d29400b009b4671f16239ca607b08143c36c381a71a01f6b32d8a51faf87b98a05649fc1156a64a

Download Submit
C:\ProgramData\BlueStacks_msi2\Logs\Player.log

Filesize
3.5MB

MD5
cf69895a38cdd142938a076fff41c341

SHA1
293fc36f2dc438f6608947ed7fa8affff1117572

SHA256
1e3b29dbef854119868bfe56b1db41a2885a28eb9c71e7f430d4e42cb57d7618

SHA512
267a771478d2ac383e0d083cbf034405b0d7089a8f996fe4db7cfa92f834e638477d1b70fcd0c89773fd8852dccbc82f93d5cea8155f10976d65edd16f4af1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0d7efa71-94b8-4475-84ef-830d0caac4f2.tmp

Filesize
150KB

MD5
26af598f17ee823af4f2108eeb1ac575

SHA1
326450ebc6f46fe0c92ec2e615814dfa188d2811

SHA256
5d11c882cc7a4511e816920540ca972bb8ee94f0fb667eb00f88a4fa37d7aed2

SHA512
02b8bd3b9681bc77b0d2cbb2c7392232270e26cfb151ecc3bfb4a1aad0f7060009ff97f420e3a4b49ca6687a556007dd62554c23bbf12cc02662069e3be1cdc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\72072640-58af-4aa9-9f7e-dd9c5bfc485e.tmp

Filesize
6KB

MD5
86640e8a4ade3131107db31e528cb0a5

SHA1
61335dfc1558aabe39dd88f468bd6bad2afbb9a9

SHA256
9c9eeaa7ab0f192e2dc89f8c1c88a0111080f84cdca167201c5af96c1b313fbc

SHA512
2fcc6b6a654721ef475302d5d15f21ea56d14950642efa1bc4d767e7ed462c05eeae97a18640db5a313fa564af2458c27498dca3cf7dbebea5ed16540dc286c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
dda21ad825a4775ec926f2f8f5975c4a

SHA1
746f31d69ac0fec656f3a2b6b4247e9a7553a8d0

SHA256
76e938f16beccdc117c492763e066589914bfed9e18ba24349a5b0c75bd09b1e

SHA512
72ec7df64819e752adb909db23a5f97934d1c9076221fd11a4feba7790fd5d6571416de35faa549c5cbba5f87794ca40a0eddcc965891948882c4a29dbc3a7eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b67496b6ec343055add354fb4f7b5879

SHA1
4ad6d1e713df8842438a2aeb88ed29f956e9f5aa

SHA256
af3f197f66918b3b03825b706d68f116ca4d6abe65c2dd4eb902bd2d283ed572

SHA512
d4dc0fded27efa354fe35e5db50d002776469c95acd1c3b609ff1d5f46b57cc154e0cfc33ea59df83943377137e10a9452bb0147e556c496f2d82efd1ea9e359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
487921e4efd9974df18e42aa690c6b95

SHA1
03c83464d74bf71059070d8f7ab287705a3e87ad

SHA256
87e52f16771e83de0e8890983b1c0d24a256ee0ac878fe9f486c937df169a870

SHA512
2e66f3e32ffab2f938e64d37394a0078811b1b63613cd83b4dc4cc7da2f5469b94e898e198c68937414cbc4732ab7fbcaf7cad0730ec230c80c1cce0f8ef7b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f7c76cebbcf59addbca51e3a7513c0b6

SHA1
1be8f0dde8f3411a53a7cce9af73902041517985

SHA256
ba32c1fc9b9bd1a996b5e814f69d5201ae05444a19ac41f041ae8a0b977e2335

SHA512
4321420c082987e09c6da7fbfcc238471b70dba4562e2b47b2b186faae7ac991cae6d3de9f2f6b81d285c70934ca95d22fed387ec1b3596ae58fa8059ec461d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
b2a07e7f137ea6dbad08adfe8f9fc982

SHA1
b7891221396bfd23c86329070009c2d7150ab55e

SHA256
c01dc8fdfd3318a9b8809427e5afceb28ada6f400d64f3817c747ff0bff0e304

SHA512
09981310e1774b3a422a04c16ad46ae61785afbd4dece511866beb8a6c17a92ae080036314ff876bd61c50dbdb0b827533644642aab094a74ab8de73c226948a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6b0e6debe0925627685b229f66d385b

SHA1
5a06ba54cdbf94429b00e525441f75b494f8a8a8

SHA256
426c6dddd812881f9076029844a3628f2007ff90f94247531430772a914f7687

SHA512
62c2a2d19d458188aef91a7193747d1f21fc1e567bf81a903ee2341b028179cdac6641e7215558a1c13a478db931ccd71a1f6eaf0baf7f6e8aa46301c969c603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4fc5bea1d4464ba6fda443c6450a01db

SHA1
3d976acb53f1b2bcf84cf2108171800de1ef9f2e

SHA256
119579d1d6029b321d885ed988fe69d335caf001dbdf99fdfc242d522ca48926

SHA512
f27c78309ff42ecce1e0fdaf6bc4193b43da6810316a50857af2444b476d1e742323cb5b0295a3c1b70ac713d4c964f2e322865da9490ae0a647cc0c45711ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a4c8ca28c32949fd50b1a7d0d964ec3

SHA1
53b50be6fa2d44c36c1a989972032582b7b7d8ed

SHA256
61362b74702f796a4d8b958b3e60e3400f7fd05ebc9eaff2f8419733fccab30d

SHA512
238666d4e6c71c8e68de13c2447b795dbe3ab664eb1b13b0c7e0cda19b658b49085ed7ccc3d400a0f468bde85984f8a4a74947963199858c4ca83b2003aabb09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3bc4b79eabccea00706f3e8ee1c49f5c

SHA1
66fc3c337dafbfa8041ec5961d8ab706eb3f3744

SHA256
c05c119d1f57a8ea8a198ad148ab5009d9131a59da93daf1c544e9d467ff3542

SHA512
601c66257c4564229fc57db326a0e8c6c5eceb4de0c5d72f78263516202589e8dee2429974b3e6d3a04290eaca21913421c59c7b9b8a1ee31b101b097621f410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1f630bce71b20daca65c13423babe8b

SHA1
8e522924ae406b2410c9f2faa297768bcc0aeaea

SHA256
daf4493cfe1a3a6df3f7cd12fbbd79b4fc5fe9351a6aca1aac52c224d7d6a2e6

SHA512
edb4948934a6316686a94e86f4e52e7a8d95a280e3f80d60767864d942273c2aa10d2c31d8c1afe48be3f1217601403e52ca5c13c209c8a163233698a281be4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
cb89beb18d45700c09bf7f8fcb970316

SHA1
f607f1e371c9b06434a59871af166950bb9953ba

SHA256
8a8e0f791e2857939e386debcea47c2587b562c3207f012c7322c8dc885ba459

SHA512
4d2ce91628bb0e4cfc6ddf92fb9ec5e4fba2ba46013b3c38e88c39b5176b194cc2f81de4bcd5bded484f06b8e54a473960c2e049bd5ae5d6c30367e9dfa3a6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
cf3f284b45c4a4d99cc94f424ab4af2a

SHA1
4fcf20521108c46ffc3946b99ece75ee2b3a0276

SHA256
1f6f31667cab055932d3974630a7b08cf27b75a59e35f272fbefde5a1ce5f295

SHA512
d099b6693533dc09ecfa183c3f8577b6526eabbdb40b85d6792a471032c7d2f910e9a26aebb29782487800476119706d4bee7cd3a863d1e05a83163033801cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
635575fe887fef7c30ea984036387ce4

SHA1
6997791c249ba2b4bcbd5c014b2e3f30885ffe9c

SHA256
c82060b4ff477c139d8993c13c7ea1139bb1f611303d67091650e89b5ccf06ad

SHA512
7d82ca53c354806295f0b3f51ee351f2e376ab55ce3f4b17b5140f32fc7a0223309b3c04c04e0ebb9307ef8faa55a4f456ec50dcd0928cfa20a5f47c7f7f7040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
41540e768e2628a5fc9a8f1365be4b1f

SHA1
0ae7f17414f3a788ad065c36013650d02e903e6a

SHA256
ff458d52655f4f70c6426f8395e84ad477a8dc6c93a4ff0cda821fd8f200eece

SHA512
2ec79e8cc89454f186218376ad0f2970da00ba6e3ef4803b0ad8496221bbb0d9fae8d6bcc93e548b58438a56a7008bddc32d805cc87d5f650085484b1871cb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
a2b62125320eb9b3d1d9a2ba69a2329a

SHA1
58fc3247b60dbe7c85e7e0078072baa2153f0e11

SHA256
08a7596eeaea17c10600b758121072361196022903ee416af4e1452414eef292

SHA512
2d441bad43b9872e516e1428e2900d7df52c697142fdb449c6fe1395c17e6bbe494096209400d7a3e6e73b1e4a7be5d7e1cbab3ff75b5883d7dacb5d5316a4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
909faf44019a85c0c904d19bbde23a95

SHA1
deeccf159d549d4ee55ec6bfddea05aaf959ed05

SHA256
10648f0b3cd882aa0f6ecf059527e9cb29015c95aa816279bc0de3af9e59748c

SHA512
3353e6617f27fd4a2e1e90ebdbc25fe34078ffe5fcc333643930ac4c619bb1982998fffe80b28afb960a34e90278700f3ca06bb1862e2e4ff5a93eb5daac52e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f0f40565ad49bd2814afaec2a9965cf2

SHA1
e097818008340d9f5541231d057b6d4c3c7e1831

SHA256
a852db4de65d3982bc8612d70235747264e693077c933e6e9676ea29c3a1ea22

SHA512
fa702fd4b5d1637f666626205462aa6fa6098736df7cc8328baff50a42eb7a8b107cb4f3bd06d5aead030a25d871bc210436879b0053de0d36fdecb1b48fa46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG552C.tmp

Filesize
26KB

MD5
49be9b516b0b33485c2af42a8dbce80f

SHA1
36fd4fd5db1813d751e6a708955d486e83384776

SHA256
b70feb55e3d1089f492a7200311f226496f7d98e7dc222ac875f2e4b126ee5c5

SHA512
a89c114387f8857c036d4ae5c5c2447e5d96b81d519978b7f34aff09fb43d4173c070ca800e1285ee4e1f50bcbd4c57786cf4539f55716714228876b06396125

Download Submit
C:\Users\Admin\AppData\Local\Temp\REGE80A.tmp

Filesize
2KB

MD5
78907f603fa5a3fb542c885de712ec46

SHA1
8548df35568c541ccca47072d6fb8ea4f1887fe5

SHA256
5940f96b85d5bf4c79912e4ea8ace78b20f56e9df649300986fc9f771bf243e0

SHA512
0e18a030c4a491473fc444ba696a84691b16258469310c84803324f95a78021464cc1911e19408361270688cde93f652e83c0015f726f5b5b537456ed8bc7bdd

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\7zr.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\backicon.png

Filesize
778B

MD5
bb32b6c0cb2fd3b9329f0813e1b4239d

SHA1
241b75e5e21aa3e7a6aae5066de65d65db49651f

SHA256
77533707194f691af85e6c990d852b949c09018378c8f9d87763b54b1c118f67

SHA512
e3aa89c3ba19f4d0a26fc6f3fd725c5201f3609b7e3f91bd8fa1fe95aa8cfdac5d684893ccac3e81b290ad241c048264d12bb1c6aa4b9646e604879b54bb9d33

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\checked_gray.png

Filesize
659B

MD5
f5273eda49f641257ccb5fc5235cee80

SHA1
ac2f52d7a0b34facc5cebf4745fb72e15c0e5c8d

SHA256
fc88b72393b58799ad747a988b76c1b9d8ce3dbaedfd0463e74d6a33be0878b6

SHA512
95457d926dbb7dbcd7c5b30fe6ec45634ab7c0f3dbd5820c8956d21d33a0f5feddc36e0d52d40abbb8b0ba07c005e4594dd56dab1cb278ee3104ec14d8ca921f

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\close_red.png

Filesize
1KB

MD5
3759fdf92c29556e5740a6282507e1f9

SHA1
23960cb0edd610083edd8f817c03add5e883453d

SHA256
8cd75e91be69cf7cc6e6979c14b394a11fe683be7b62d5163da1073bb568b7d9

SHA512
d0773ead77552514a2cd7fd7e55abe730579b4fab24981eb976ac43a821fc5a06ae02626e48dff83a58acb37db23d5527444faf5d4b7cb2fc78df33b065b80d3

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\custom.png

Filesize
580B

MD5
07c7f00c7498d32e8045c1a0eda0727d

SHA1
bebf52df35cf5a95dd6ff5da778b83c5eafeb052

SHA256
8eaab641d186f93f50d2d2bbae6ac5b3c937ca30665bf916321a35c83253eca3

SHA512
142752b1ab40a23f654293a15e075321020322fc0f19efdab93e69716cc0ff5dc2148a83f7db149b7dcd8c30b7f542c0f89ac52bd50470e756b07b00ec78f5b9

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\error_icon.png

Filesize
1KB

MD5
dab2c4538a83422b5deae0e0de9b7a30

SHA1
78c2ab2271aa4020df1e0289bc3c1ba9a43fd424

SHA256
666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89

SHA512
24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\installer_flash_background.jpg

Filesize
3.9MB

MD5
65f6507f79f67ccd7cb23170f6c06a56

SHA1
0d73952cda8bdd1accf37bdc1115a8944dc12b29

SHA256
c4a457f62a5423e2def92868d4da13aef4cae9394de8057bff0f95c1f1904ecd

SHA512
3c3b34782d27484a47c0ee0eb6dd952879ab593a0dc83d6cdaecc22a4195f493278be8e6ea06f175f6cbdf2e2d179c7766850771c4a6a6c3cab91f4919d6a9f1

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\installer_logo.png

Filesize
924KB

MD5
9659b80df811d6a5eadd15b2a918d427

SHA1
b8f86b1d3367ec0b5c3b1850678c60a7fea1ed76

SHA256
b4b14b4503cc688d244d57846ac6999147e3dd06619c957784cbec72e8536479

SHA512
bd4ae57c827a294384a43bb87d741364cb1e8137eb36aca1b945a6e0309ea44e361b452a18e9cb459d6e2dd605776e15179fbb1701c041ba4ffd0795ed23343c

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\installer_minimize.png

Filesize
157B

MD5
857bcef475b0d4c1d669bf47a143e85e

SHA1
072746be2f79c9571ec9b7e3b702a8cdef5a2b66

SHA256
8e6e37b79756bfebb943d51d3571926fe4992748c4a673bbb6d78b22e87bc7f6

SHA512
b7e236edefe3f4aceefd912f2b6cfcecee034125ff082d3bac5fdf6db57c89dc2dfb4a96897529aed8834a423529680cc0ba1c94d497eb8d9c4f450ff70cf79c

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\setpath.png

Filesize
355B

MD5
f4c65de79fb292fd6104eb1a160ca09b

SHA1
52173df03e93433d88b50ebcd7d3bdbc32bd4165

SHA256
9ea14db4e8d39be52c9b55a39119d5f95dc331a0559d38de44fd8e72e8677718

SHA512
db4bca2ed5582efe9ca27ec67bff59ed2a66c471dc4e4247818e3b79838b57a00cd69d92b709c3a7e0628d7c9e9508335aff877279d30741de18226f0626dced

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Assets\unchecked_gray.png

Filesize
321B

MD5
8b3031b63549708b7ef422da8dfc42a5

SHA1
46407a76af6ac9887a15bd682533922c4b2d09da

SHA256
8355a9b447991ed53c3e1c768f397b622f9535faadb26913e4f2298cc3621c5c

SHA512
97b2fe161483b90abafc0bff3e4839f357aa3c0765b1d5d54e5210fcd9d543480eb4ff3671f2706def344ccc83548fe8d064b9ba1bb15abae9e718b87b91298d

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\BlueStacksInstaller.exe

Filesize
307KB

MD5
edac82094fc1143bb21010a6da8f28e3

SHA1
c2c7c89dddbd55b861cc0239614adcbc6fbf5e72

SHA256
584e4b54b9f3e85a9a70bdd97c70dcd75fa91466335e9c35b916f9a1f2c606ef

SHA512
28e2aade035d67d6424b4023b0e1c917fb4f82a1311ae851e627b8b8ccd34b419ef25529d4a830f1cd78cbd6400a6684c643a549b011c06c094e7f1771e14d7e

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\BlueStacksInstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\CommonInstallUtils.zip

Filesize
6.9MB

MD5
e0b7014aabc475d54d8b60dab11bd057

SHA1
c95b3cbbc7261ff62317201b80900c56e35f1654

SHA256
2eeb28f46e0823b87ce7f52e3389d89eb10206dc20155da313f1658e38fad5b8

SHA512
b3b2006969adedc9897d9ea18c81867082c902e73c868c4d0569483390b3cfc33dad10224c2ccd14ff3215e55a3fae6c8a78a472586d70ca57176fc8d2cf0358

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-Common.dll

Filesize
1.3MB

MD5
800008c4df68e1a96b045b83d117039c

SHA1
414fd52b6de0af830f00ed8ded6c0ee714d47a72

SHA256
fea90679ba2ba3659e80a8b568a8909e18ceacb207de81112ebc52a59e3fbbaf

SHA512
ca8a51e4f07b16ab36e2bcdfda85e90b8ea4b85543ba03e13934959f5cfe59c5de39398bc47eef79dcde8a835fa4614e3dc52733862d59d439345fee853bcea5

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-ForceGPU.exe

Filesize
152KB

MD5
9adcad57be2aaf64ec94b836a80ee655

SHA1
056c0206cef3fc209d5431bb5a7e8adfaa4b49da

SHA256
4f163c738aedf878804c04fce6b52d7881453a6519486eb6d97f4c2c89e815b7

SHA512
d8515e7b17a80f2c1e22835c06ca7d73b371faa2b9c222a66ef7c3b705a755ff425e6b4e39d563d129acb1694990231d7c9ff9fde2b0d65823dcfba22c54abd3

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-GLCheck.exe

Filesize
563KB

MD5
849473144c707b3116cd4c7f429a1d6c

SHA1
2e31828aec90ac5fed12ba0ae581a363a691e9b2

SHA256
44d999b81fe8d4fd5475032a250a53d08ef9cdebdf0fc2ccbc4c88b5cafbd9df

SHA512
86ca7ab4625ca1530d8df8d28235b5add79b0785ffd6d93f74cb3eb86b572f750919bdb3fd388cfb12dafabecf65a3af71373d148aa15ba73974beccb8b508f9

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\HD-Opengl-Native.dll

Filesize
3.0MB

MD5
ba5cae5bb4ac97de4cc57cefe8fb8707

SHA1
5b14834378098f3b09a18cfb07de47f8de360f11

SHA256
990e13e54f10192c230d0a2ff93687cbc5a9a082b345a10b6ee01b9a47611618

SHA512
da1a070c581a30e19a5ebb33afb72924ae719dacec10fe69303c16c6149ad5263b7e9ba5e25e989efa4dd6f2697ed767d48436df00e044765966e5fad4abdf81

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Locales\i18n.en-US.txt

Filesize
114KB

MD5
530a8d41e89a424c608d4b948ae34bd9

SHA1
0f2c1f22d22862409e21b5b3996926590a0d845f

SHA256
335261e4e04801a6cb94c4da8d5c4311d4962961186dda34c81437013d961031

SHA512
a238820c3aacf1ed4eb70e76d42e0caddc626d189a2b2e9d4d372b3893bacccfabb24d9a83ff8791f69a26af3cdfda5735d06515ed5e835af87d5116f3ab70be

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Newtonsoft.Json.dll

Filesize
493KB

MD5
1c1e280e40eecdd09681ccc0d07fe0a1

SHA1
fd32a4e5ecbfb015273f027b0197fb33dc568d34

SHA256
c05fa233a1ca81aa761ea2a39fc9b49db347ecbc5bb915cc10bc9c10c1072ff9

SHA512
1094b4a3cbf3dadf6d1f042794851d861826c453656a4f8acbf1c75ef67ec80d4ae5bdc445ddfc4b6e2c53aa464b3f53abbdc70fa6fb2c9c775f9baf34572a78

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\Oem.cfg

Filesize
1KB

MD5
575f1be76c23ec0814d3f579901e3b31

SHA1
398ec04d01ae479587018e864c73d7c9769d7231

SHA256
a717670548e4a468f72fcb57d02826df95aebe02436bc7a5e6c1942ccc1f98f1

SHA512
26c1c4bdabf029978342a54cbffc5f16f1ea1c4d5307601e574d16468f26d8248d5246ea87306e64c5dc7915627ce34e8fc3b40b35fca8a0875db97bfd1d8f91

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\ThemeFile

Filesize
79KB

MD5
deedd201aa3668be46060f66bf073d9d

SHA1
db44d2e4470e27c43c3a665a18938fc29d3de127

SHA256
45068c53fe65613102925fa2a544b0f180564d83239a4ef5294e01222ef7959b

SHA512
136da0f872bf13eb1ac9d7c7b04ec15f0fe8bbd8f071183378e85eaf07bb786f35513d2b23041f9b4d3292fa0dd6a5b83cd9d280aa92b07760d411e4d8d38187

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\d3dcompiler_47.dll

Filesize
4.0MB

MD5
898b3b792574a266c0f60a87244deac5

SHA1
af5f4d815d21f2272ce64a7b414086a6e7eb599a

SHA256
6bf1b5cd6cf5316493a2419ea7ecff44de39c71f226cb1b0dbe18e940f3bc988

SHA512
e1ae86e56a1e6f7d0b00d33667e01afea6b1a65013f9247a2a48ed118a31ed01ab1c51881c246378bcd58e6584143d7b81806783cef96c6251a23ca4049cecfb

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\libEGL_translator.dll

Filesize
3.0MB

MD5
e6c4dcb2940e7d7bfa0db6d53b409174

SHA1
e6ad5afa188c7bb9f1eccceea2155bd2854f9ca6

SHA256
4469f84a13145b11b19ca73070bc8005bf34c63566716af72e93af6bd6ae956d

SHA512
43bbe0208280b594fc0f817fd4347d2d2b65053d3740e744fcc9fe9c36641bd4f1716597914b65916d534dd66869143d132afc4f99e5a5b4e992b536ff390577

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\libGLES_V2_translator.dll

Filesize
4.6MB

MD5
896f4c01408aecbea9f11128b9bc6322

SHA1
886c747127108c813bf28b642aac23df1b8903ec

SHA256
dff9a7d8ba4cbe44dce3e0fb1ba749cc5c90457bcb6af690e544f8514dd4d32f

SHA512
7dfb1a192ad2469e977e1b1512e1a744ef1250eb9473925b48b841cf01c556e36cb2b21706fd9d9ba62add18b0b3f4dbdc5955c9b7bf687a2e9aa3237003d452

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\libGLESv2.dll

Filesize
4.0MB

MD5
c9c69793844aeb22784321c3458b33dd

SHA1
8d900d6238c61b129db9288a71464c54295bff77

SHA256
7fe01a2b5c197c4604f37dcaef9cb5136b3a2e05cdec60ba06e3d664c58bf1c8

SHA512
35a3cf14c7c4942073b12e903709410fbb12cb65a160dabd1a14e1641b78c3ed144e5b2d159e2f73a9ef6820f16ba476540bc6689d16cd381f4c0b665d2c5e92

Download Submit
C:\Users\Admin\Downloads\ADYO x SIRIUS\libOpenglRender.dll

Filesize
2.7MB

MD5
65a2148466dda33901a97784583974ac

SHA1
c982e109cbfa70230af0d4b2086c80ddc8881b13

SHA256
bea1ae50997b1f57241db792c8261ca62e2c2a6c4ac2997e05a6106e30ce8482

SHA512
6bca866da6c5f2765824146ff55d9ada92368ed1bdf57831484a47b72d51d1edd2847ace9e5fb1c5c62ed11e6b095ae9bddc6f163e98ad10e69ecc78fd5f5f64

Download Submit
\Users\Admin\Downloads\ADYO x SIRIUS\libEGL.dll

Filesize
402KB

MD5
948eb249b23a9487d15fab236e4a2805

SHA1
ab7db3e961f007b5b242ce01f8183e197c78a571

SHA256
78dbd96e1b2b105030fb50457c1d720d1373558428c980960b4e3b88105ed2af

SHA512
1510001a8c4e3875dff0b16a77028b35d9c3491c7b52046c0094253165266246d7531c538023a99d57999b41f228175423220acaed9fab1c1857b067c1577782

Download Submit
\Users\Admin\Downloads\ADYO x SIRIUS\libGLES_CM_translator.dll

Filesize
3.0MB

MD5
3cf2c9cc81226dabb5deeded052c0472

SHA1
0d5e4494f4343bbbdb467921ceafc7c434872850

SHA256
238cf363d66265110ded12ed0dd3e94109dc8b4bf082833a22db4c55bc1e3042

SHA512
d8606fad32ae44ba97c93eb89a19be84528faf7cc4f5579e642ba59bc3cd57d5d2c024edf6c01f098dea62920671c49808e2014d58166929cf1b3fbf5d51ccfe

Download Submit
memory/316-7684-0x0000000000C60000-0x0000000000C86000-memory.dmp

Filesize
152KB

Download
memory/520-7756-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1044-7752-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1072-7751-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/1460-7667-0x0000000000470000-0x00000000004DE000-memory.dmp

Filesize
440KB

Download
memory/1460-7670-0x000000001C870000-0x000000001C8F0000-memory.dmp

Filesize
512KB

Download
memory/1460-7669-0x000000001B470000-0x000000001B4BC000-memory.dmp

Filesize
304KB

Download
memory/1460-7668-0x00000000025F0000-0x000000000260C000-memory.dmp

Filesize
112KB

Download
memory/1464-7802-0x000000001DEB0000-0x000000001E0A7000-memory.dmp

Filesize
2.0MB

Download
memory/2164-7660-0x0000000000790000-0x000000000079A000-memory.dmp

Filesize
40KB

Download
memory/2652-488-0x0000000021CD0000-0x0000000021D08000-memory.dmp

Filesize
224KB

Download
memory/2652-498-0x0000000022120000-0x0000000022142000-memory.dmp

Filesize
136KB

Download
memory/2652-490-0x0000000021FD0000-0x0000000022050000-memory.dmp

Filesize
512KB

Download
memory/2652-496-0x0000000025440000-0x0000000025966000-memory.dmp

Filesize
5.1MB

Download
memory/2652-497-0x0000000021E20000-0x0000000021E28000-memory.dmp

Filesize
32KB

Download
memory/2652-487-0x00000000208F0000-0x00000000208F8000-memory.dmp

Filesize
32KB

Download
memory/2652-471-0x0000000000430000-0x0000000000482000-memory.dmp

Filesize
328KB

Download
memory/2652-473-0x000000001B3A0000-0x000000001B4FA000-memory.dmp

Filesize
1.4MB

Download
memory/2728-7812-0x0000000024030000-0x000000002A0DF000-memory.dmp

Filesize
96.7MB

Download
memory/2728-7813-0x0000000024030000-0x000000002A0DF000-memory.dmp

Filesize
96.7MB

Download
memory/2728-7816-0x0000000024030000-0x000000002A0DF000-memory.dmp

Filesize
96.7MB

Download
memory/2728-7818-0x0000000024030000-0x000000002A0DF000-memory.dmp

Filesize
96.7MB

Download
memory/2728-7819-0x0000000024030000-0x000000002A0DF000-memory.dmp

Filesize
96.7MB

Download
memory/2728-7820-0x0000000024030000-0x000000002A0DF000-memory.dmp

Filesize
96.7MB

Download
memory/2796-7674-0x0000000000D60000-0x0000000000D9E000-memory.dmp

Filesize
248KB

Download
memory/2904-7750-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3364-7739-0x0000000067D80000-0x0000000067E8A000-memory.dmp

Filesize
1.0MB

Download
memory/3516-7745-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3696-7747-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/3724-7696-0x000000001ED40000-0x000000001ED56000-memory.dmp

Filesize
88KB

Download
memory/3724-7700-0x0000000023980000-0x0000000023988000-memory.dmp

Filesize
32KB

Download
memory/3724-7743-0x0000000024090000-0x000000002A13F000-memory.dmp

Filesize
96.7MB

Download
memory/3724-7692-0x0000000000F00000-0x0000000001110000-memory.dmp

Filesize
2.1MB

Download
memory/3724-7792-0x0000000024090000-0x000000002A13F000-memory.dmp

Filesize
96.7MB

Download
memory/3724-7716-0x0000000024090000-0x000000002A13F000-memory.dmp

Filesize
96.7MB

Download
memory/3724-7693-0x000000001C2D0000-0x000000001C386000-memory.dmp

Filesize
728KB

Download
memory/3724-7699-0x000000002BAC0000-0x000000002BAD2000-memory.dmp

Filesize
72KB

Download
memory/4280-7755-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4524-7671-0x0000000000FD0000-0x000000000101A000-memory.dmp

Filesize
296KB

Download
memory/4584-7748-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4912-7788-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4916-7754-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/4948-7744-0x0000000000400000-0x0000000000F3E000-memory.dmp

Filesize
11.2MB

Download
memory/5036-7705-0x0000000067D80000-0x0000000067E8A000-memory.dmp

Filesize
1.0MB

Download
memory/5036-7706-0x000000001E170000-0x000000001E20D000-memory.dmp

Filesize
628KB

Download