5fb4ba1a651bae8057ec6b5cdafc93fa7e0b7d944d6f02a4b751de4e15464def

Resubmissions

18/08/2024, 22:31

240818-2fh8xsybpf 8

18/08/2024, 22:12

240818-14m2caxela 9

Analysis

max time kernel
431s
max time network
433s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18/08/2024, 22:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Text File.txt
Size

5B
MD5

c2850ea37e0976bbb2ecc89f3a1895da
SHA1

607a036b350db1d65291d2520ec0a0d22630eb5c
SHA256

5fb4ba1a651bae8057ec6b5cdafc93fa7e0b7d944d6f02a4b751de4e15464def
SHA512

a3c014ca3190b6d4425654b1988ab950491e75358977c604b612c320f55b4a2978e361d0441250cfb6b8e4ec7450150fd38a83ffa3dedfa822dde84dd7c4989a

Score

9^/10

credential_access defense_evasion discovery evasion execution persistence privilege_escalation stealer upx

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 8 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
7040	netsh.exe
5304	netsh.exe
4144	netsh.exe
6240	netsh.exe
2000	netsh.exe
6500	netsh.exe
6180	netsh.exe
7632	netsh.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000600000002b44c-15299.dat	acprotect

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	BlueStacksServices.exe
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	BlueStacksServices.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 35 IoCs

pid	Process
4308	BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
5580	BlueStacksInstaller.exe
5680	HD-CheckCpu.exe
5772	HD-CheckCpu.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
7968	BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
6896	Bootstrapper.exe
6976	BlueStacksInstaller.exe
6972	7zr.exe
7344	7zr.exe
4744	HD-ForceGPU.exe
948	HD-GLCheck.exe
3908	HD-GLCheck.exe
6088	HD-GLCheck.exe
7648	HD-GLCheck.exe
3360	BlueStacksServicesSetup.exe
7688	HD-GLCheck.exe
7872	HD-GLCheck.exe
8108	HD-CheckCpu.exe
8128	7zr.exe
2124	HD-GLCheck.exe
5976	HD-GLCheck.exe
7280	HD-GLCheck.exe
2180	7zr.exe
1248	BlueStacksServices.exe
5084	BlueStacksServices.exe
7900	BlueStacksServices.exe
7040	BlueStacksServices.exe
5836	7zr.exe
7264	7zr.exe
5164	HD-CheckCpu.exe
4552	7zr.exe
7012	BlueStacksServices.exe
4520	MEGAsyncSetup64.exe
6924	MEGAsync.exe

Loads dropped DLL 64 IoCs

pid	Process
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe

UPX packed file 38 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4520-15296-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/files/0x000600000002b44c-15299.dat	upx
behavioral1/memory/4520-15300-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15316-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15331-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15353-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15389-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15383-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15400-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15409-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15428-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15414-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15438-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15443-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15479-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15487-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15512-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15518-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15534-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15540-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15543-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15549-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15554-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15559-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15590-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15607-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15601-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15598-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15627-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15625-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15634-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15643-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15666-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15688-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15696-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-15708-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-16361-0x0000000073850000-0x000000007385B000-memory.dmp	upx
behavioral1/memory/4520-16374-0x0000000073850000-0x000000007385B000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\storage.json	BlueStacksServices.exe
File opened for modification	C:\Windows\system32\storage.json	BlueStacksServices.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
5752	tasklist.exe
7596	tasklist.exe
4408	tasklist.exe
4624	tasklist.exe
5284	tasklist.exe
2704	tasklist.exe
3764	tasklist.exe
5036	tasklist.exe
1312	tasklist.exe
372	tasklist.exe
7376	tasklist.exe
7764	tasklist.exe
6732	tasklist.exe
6456	tasklist.exe
8168	tasklist.exe
7240	tasklist.exe
3180	tasklist.exe
5684	tasklist.exe
4144	tasklist.exe
6620	tasklist.exe
5868	tasklist.exe
1932	tasklist.exe
5544	tasklist.exe
5908	tasklist.exe
6808	tasklist.exe
5660	tasklist.exe
6032	tasklist.exe
7332	tasklist.exe
4420	tasklist.exe
5756	tasklist.exe
6872	tasklist.exe
5188	tasklist.exe
6220	tasklist.exe
6676	tasklist.exe
7012	tasklist.exe
5452	tasklist.exe
1000	tasklist.exe
7200	tasklist.exe
4860	tasklist.exe
7272	tasklist.exe
4904	tasklist.exe
6568	tasklist.exe
5324	tasklist.exe
6368	tasklist.exe
6532	tasklist.exe
8080	tasklist.exe
6768	tasklist.exe
820	tasklist.exe
2152	tasklist.exe
5564	tasklist.exe
6404	tasklist.exe
3956	tasklist.exe
6972	tasklist.exe
5040	tasklist.exe
1776	tasklist.exe
8132	tasklist.exe
4172	tasklist.exe
5312	tasklist.exe
6180	tasklist.exe
5968	tasklist.exe
7868	tasklist.exe
2824	tasklist.exe
7460	tasklist.exe
7512	tasklist.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_he.qm	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpostproc_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_pt_BR.qm	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\misc\libfingerprinter_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\config.json	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Search\GooglePlay.svg	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\multimedia\windowsmediaplugin.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\resources	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libgaussianblur_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\librv32_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Controls	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\el.pak	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libhds_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\remove_pressed.svg	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Tutorial\InstantPlay	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_error.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt5Compat\GraphicalEffects\private\qtgraphicaleffectsprivateplugin.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Marketplace_on.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\misc\liblogger_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\SideBar	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Qt6Qml.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\access\libdvdread_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Qt6Network.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libedgedetection_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Optional.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libchain_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\avutil-58.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Window\qmldir	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\tls\qschannelbackend.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_mp4_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\HD-Player.exe	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liboldmovie_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\BstkDD.dll	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\BstkVMM.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\web3	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\logo.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\IconWarning2.svg	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\offline_cef.html	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-private-l1-1-0.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libmono_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\codec\liblpcm_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_yuy2_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\booting_bg.png	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\browser_loading.gif	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\position\qtposition_positionpoll.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-MultiInstanceManager.exe	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\Newtonsoft.Json.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\AndroidGame_on.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\msvcp140_1.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\account\frame.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\muti_on.svg	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libfilesystem_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libaribcam_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Assets\installer_flash_background.jpg	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Window	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\next_enable.svg	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\BG.png	BSX-Setup-5.21.510.1003_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libvdr_plugin.dll	BSX-Setup-5.21.510.1003_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\vccorlib140.dll	BSX-Setup-5.21.510.1003_nxt.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
7892	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEGAsyncSetup64.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 24 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEGAsyncSetup64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BSX-Setup-5.21.510.1003_nxt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksServicesSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe

Checks processor information in registry 2 TTPs 23 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
6272	taskkill.exe
7852	taskkill.exe

Modifies registry class 56 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MEGA (Context menu)	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.21.510.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}\InprocServer32\ = "C:\\ProgramData\\MEGAsync\\ShellExtX64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\MEGA (Context menu)	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890635}\ = "\x01 MEGA (NotFound)"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890635}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	BSX-Setup-5.21.510.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}\InprocServer32\ = "C:\\ProgramData\\MEGAsync\\ShellExtX64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon	BSX-Setup-5.21.510.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}\InprocServer32\ = "C:\\ProgramData\\MEGAsync\\ShellExtX64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}\ = "\x01 MEGA (Syncing)"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX	BSX-Setup-5.21.510.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\""	BSX-Setup-5.21.510.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs\shell\open	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}\ = "\x01 MEGA (Pending)"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890635}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.21.510.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MEGA (Context menu)\ = "{0229E5E7-09E9-45CF-9228-0228EC7D5F17}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}\InprocServer32\ = "C:\\ProgramData\\MEGAsync\\ShellExtX64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890635}\InprocServer32\ = "C:\\ProgramData\\MEGAsync\\ShellExtX64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.21.510.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}\ = "MEGA (Context menu)"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890635}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell	BSX-Setup-5.21.510.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs\shell	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\MEGA (Context menu)	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\MEGA (Context menu)\ = "{0229E5E7-09E9-45CF-9228-0228EC7D5F17}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\MEGA (Context menu)	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}\ = "\x01 MEGA (Synced)"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.21.510.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0"	BSX-Setup-5.21.510.1003_nxt.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\MEGA (Context menu)\ = "{0229E5E7-09E9-45CF-9228-0228EC7D5F17}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.21.510.1003_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.21.510.1003_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\MEGA (Context menu)\ = "{0229E5E7-09E9-45CF-9228-0228EC7D5F17}"	regsvr32.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEGAsyncSetup64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
6924	MEGAsync.exe
6924	MEGAsync.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
5580	BlueStacksInstaller.exe
5580	BlueStacksInstaller.exe
5580	BlueStacksInstaller.exe
5580	BlueStacksInstaller.exe
5580	BlueStacksInstaller.exe
5580	BlueStacksInstaller.exe
5580	BlueStacksInstaller.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
5152	BSX-Setup-5.21.510.1003_nxt.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6896	Bootstrapper.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
6976	BlueStacksInstaller.exe
3360	BlueStacksServicesSetup.exe
3360	BlueStacksServicesSetup.exe
7812	tasklist.exe
7812	tasklist.exe
7012	BlueStacksServices.exe
7012	BlueStacksServices.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6924	MEGAsync.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
628	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	5580	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	5152	BSX-Setup-5.21.510.1003_nxt.exe
Token: SeDebugPrivilege	6896	Bootstrapper.exe
Token: SeDebugPrivilege	6976	BlueStacksInstaller.exe
Token: SeRestorePrivilege	6972	7zr.exe
Token: 35	6972	7zr.exe
Token: SeSecurityPrivilege	6972	7zr.exe
Token: SeSecurityPrivilege	6972	7zr.exe
Token: SeRestorePrivilege	7344	7zr.exe
Token: 35	7344	7zr.exe
Token: SeSecurityPrivilege	7344	7zr.exe
Token: SeSecurityPrivilege	7344	7zr.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	7812	tasklist.exe
Token: SeSecurityPrivilege	3360	BlueStacksServicesSetup.exe
Token: SeRestorePrivilege	8128	7zr.exe
Token: 35	8128	7zr.exe
Token: SeSecurityPrivilege	8128	7zr.exe
Token: SeSecurityPrivilege	8128	7zr.exe
Token: SeRestorePrivilege	2180	7zr.exe
Token: 35	2180	7zr.exe
Token: SeSecurityPrivilege	2180	7zr.exe
Token: SeSecurityPrivilege	2180	7zr.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeDebugPrivilege	3368	tasklist.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeDebugPrivilege	3516	tasklist.exe
Token: SeDebugPrivilege	6032	tasklist.exe
Token: SeDebugPrivilege	5280	tasklist.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeRestorePrivilege	5836	7zr.exe
Token: 35	5836	7zr.exe
Token: SeSecurityPrivilege	5836	7zr.exe
Token: SeSecurityPrivilege	5836	7zr.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeRestorePrivilege	7264	7zr.exe
Token: 35	7264	7zr.exe
Token: SeSecurityPrivilege	7264	7zr.exe
Token: SeSecurityPrivilege	7264	7zr.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe
Token: SeDebugPrivilege	5908	tasklist.exe
Token: SeDebugPrivilege	7012	tasklist.exe
Token: SeShutdownPrivilege	1248	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	1248	BlueStacksServices.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
5292	firefox.exe
5292	firefox.exe
5292	firefox.exe
5292	firefox.exe
5292	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
5292	firefox.exe
5292	firefox.exe
5292	firefox.exe
5292	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
7688	HD-GLCheck.exe
5976	HD-GLCheck.exe
5292	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
748	firefox.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe
6924	MEGAsync.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 5000 wrote to memory of 3676	5000	firefox.exe	75
PID 3676 wrote to memory of 824	3676	firefox.exe	76
PID 3676 wrote to memory of 824	3676	firefox.exe	76
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2168	3676	firefox.exe	77
PID 3676 wrote to memory of 2968	3676	firefox.exe	78
PID 3676 wrote to memory of 2968	3676	firefox.exe	78
PID 3676 wrote to memory of 2968	3676	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Text File.txt"
1⤵
PID:3152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.0.1022924251\1886666140" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2effdd06-e447-4238-9e32-92a833665569} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 1792 15a8a80ab58 gpu
    3⤵
    PID:824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.1.1355368791\2079071155" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a0a9af-8eed-4c6f-a613-69b97d1457b0} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 2148 15affdf9858 socket
    3⤵
    - Checks processor information in registry
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.2.1896464248\37831412" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2944 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1991a1b2-29d2-42de-bc1e-559f3eaccfaf} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 3056 15affe63858 tab
    3⤵
    PID:2968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.3.1920531056\522977851" -childID 2 -isForBrowser -prefsHandle 1056 -prefMapHandle 1052 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb26cfe-0986-4659-84a5-10650845ec97} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 3432 15a8beca858 tab
    3⤵
    PID:5092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.4.1796683444\972940175" -childID 3 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e082da-4887-416c-98f3-74084ac67445} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 4136 15a8ef77858 tab
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.5.786731908\917968817" -childID 4 -isForBrowser -prefsHandle 4796 -prefMapHandle 4816 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33973ce1-c667-4cca-ab70-4f0a25e4aebe} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 4836 15a8fe3e258 tab
    3⤵
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.6.1877525808\432440979" -childID 5 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ebe0886-ba2c-4508-8dcf-580139cb3e00} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 4976 15a8fe3eb58 tab
    3⤵
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.7.847201486\1921098444" -childID 6 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bc602c7-6da1-4c04-a32b-1015a3f21156} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 5164 15a9037f058 tab
    3⤵
    PID:4172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.8.734449087\1839511046" -childID 7 -isForBrowser -prefsHandle 5744 -prefMapHandle 5720 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ef9637a-e0d3-4170-b6af-02ba16c05cbe} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 5736 15a8f6e7b58 tab
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.9.1273966097\1900969163" -childID 8 -isForBrowser -prefsHandle 4868 -prefMapHandle 5148 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5299e3a3-556a-400e-892b-2bdf4067a6f3} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 3972 15a92150a58 tab
    3⤵
    PID:3952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.10.574555258\2107070886" -childID 9 -isForBrowser -prefsHandle 5156 -prefMapHandle 5152 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c72823af-d7a7-4e35-bc19-ed1c9d3cfed3} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 3216 15a8f5fbb58 tab
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.11.1803870393\1966190284" -childID 10 -isForBrowser -prefsHandle 5596 -prefMapHandle 5348 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {941e0c37-4615-4452-974f-cae68a9f6ccc} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 5556 15a91e06258 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.12.1907644970\1287709845" -childID 11 -isForBrowser -prefsHandle 9692 -prefMapHandle 5264 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb3230d-d906-4d38-adab-034016790c5a} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 9488 15a92aca058 tab
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.13.783183352\582044028" -childID 12 -isForBrowser -prefsHandle 9304 -prefMapHandle 9300 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2517a7ce-f957-41a2-9a6e-be105d0422a4} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 9312 15a92d7b258 tab
    3⤵
    PID:2200
- - C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
    "C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\BlueStacksInstaller.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\HD-CheckCpu.exe" --cmd checkSSE4
        5⤵
        Executes dropped EXE
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.510.1003_nxt.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.510.1003_nxt.exe" -s
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5152
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:7632
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:7040
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:5304
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe
        
        "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe" -versionMachineID=1440417a-64f4-4920-9673-20595657c1ee -machineID=ddca22f3-d74c-4727-81f4-cb527d7962e8 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.510.1006 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\Bootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\Bootstrapper.exe" -versionMachineID=1440417a-64f4-4920-9673-20595657c1ee -machineID=ddca22f3-d74c-4727-81f4-cb527d7962e8 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Nougat32 -imageToLaunch=Nougat32 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.510.1006 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\BlueStacksInstaller.exe" -versionMachineID="1440417a-64f4-4920-9673-20595657c1ee" -machineID="ddca22f3-d74c-4727-81f4-cb527d7962e8" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Nougat32" -imageToLaunch="Nougat32" -appToLaunch="bsx" -bsxVersion="10.41.510.1006" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe" -md5=13ad5962a1b5a19229078dc63ce5b819 -app64=
        7⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\" -aoa
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\" -aoa
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        8⤵
        Executes dropped EXE
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe" 1 2
        8⤵
        Executes dropped EXE
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe" 4 2
        8⤵
        Executes dropped EXE
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe" 2 2
        8⤵
        Executes dropped EXE
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe" 1 1
        8⤵
        Executes dropped EXE
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe" 4 1
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe" 2 1
        8⤵
        Executes dropped EXE
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-CheckCpu.exe" --cmd checkSSE4
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        8⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\\HD-GLCheck.exe" 2
        8⤵
        Executes dropped EXE
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\\HD-GLCheck.exe" 3
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\\HD-GLCheck.exe" 1
        8⤵
        Executes dropped EXE
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        8⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" x "C:\ProgramData\Nougat32_5.21.510.1003.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Nougat32" -aoa
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7264
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:6240
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2000
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:6500
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        8⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\HD-CheckCpu.exe" --cmd checkSSE3
        8⤵
        Executes dropped EXE
        
        PID:5164
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        8⤵
        
        PID:7852
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        9⤵
        Launches sc.exe
        
        PID:7892
        
        C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\agynfjil.h1a\RegHKLM.txt"
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\agynfjil.h1a\*"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.14.1789616904\2111950995" -childID 13 -isForBrowser -prefsHandle 8556 -prefMapHandle 3932 -prefsLen 27508 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b9b6be3-fd70-4d49-8077-11b5ad817f17} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 9548 15a92790858 tab
    3⤵
    PID:6308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.15.1198205253\1041974037" -childID 14 -isForBrowser -prefsHandle 5524 -prefMapHandle 9656 -prefsLen 27508 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e626ddd-7d20-4380-888e-8e9951cba0a6} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 3216 15a928d7258 tab
    3⤵
    PID:7992

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3360
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7796
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:7812
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7824

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1248
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:7764
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1596,i,11834236953068985218,4038977924759216600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:5156
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1864 --field-trial-handle=1596,i,11834236953068985218,4038977924759216600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:7900
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:596
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:6624
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:6528
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6500
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8188
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3368
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2524 --field-trial-handle=1596,i,11834236953068985218,4038977924759216600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:7040
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:7088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2124
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:6032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7872
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5280
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6688
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:5908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6456
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:7012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7240
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5960
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5852
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8180
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4724
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5888
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5840
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6824
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6580
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7472
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5732
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5284
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7636
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5192
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5172
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3176
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8188
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3908
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5672
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5752
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4228
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5304
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3536
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3864
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7444
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5844
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6320
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:196
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7960
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5636
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5552
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:64
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6664
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6160
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5516
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7160
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7500
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5684
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1596,i,11834236953068985218,4038977924759216600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:7012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1644
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6812
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7112
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5552
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7376
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8088
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6528
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6892
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5384
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6552
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7836
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5164
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8068
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7860
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2544
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3380
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2208
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2620
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6024
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1300
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6284
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3196
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3528
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:400
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4728
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:920
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1952
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6976
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7572
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5260
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4812
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7776
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7284
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1848
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6280
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7264
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2852
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7864
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:376
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6448
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6124
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7620
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5144
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6720
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3152
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6460
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7096
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6244
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2756
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1776
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7528
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6424
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4740
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5456
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7308
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:980
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2232
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.0.1573827427\1239711629" -parentBuildID 20221007134813 -prefsHandle 1596 -prefMapHandle 1588 -prefsLen 21560 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48553b87-f8b0-403a-ad48-ec0eff27b742} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 1680 1e156f06b58 gpu
    3⤵
    PID:5280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.1.1215802991\144657223" -parentBuildID 20221007134813 -prefsHandle 1976 -prefMapHandle 1972 -prefsLen 21605 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {946e8737-2207-46d9-b90d-ba24ef02f367} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 1988 1e144cd9158 socket
    3⤵
    - Checks processor information in registry
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.2.1425536489\1099985065" -childID 1 -isForBrowser -prefsHandle 2684 -prefMapHandle 2680 -prefsLen 22066 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6da3a92-c7d6-41cf-a052-f9c1112d508d} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 2696 1e15aa66a58 tab
    3⤵
    PID:6240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.3.1499671242\1045041881" -childID 2 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 27244 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f37ef3d-2e7f-4860-abae-b8c39cd3c981} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 3284 1e15bba4a58 tab
    3⤵
    PID:8032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.4.847614720\124405217" -childID 3 -isForBrowser -prefsHandle 3932 -prefMapHandle 4092 -prefsLen 27244 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7bd5883-184a-41ef-9527-0eeb4f695a4d} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 3908 1e15ccf9558 tab
    3⤵
    PID:6992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.5.481626531\1489575448" -childID 4 -isForBrowser -prefsHandle 4668 -prefMapHandle 4664 -prefsLen 27244 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e98b31-9358-4c4c-8bf3-7cbc898e233b} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 4676 1e15d1a9b58 tab
    3⤵
    PID:7988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.6.2097154478\531501411" -childID 5 -isForBrowser -prefsHandle 4812 -prefMapHandle 4816 -prefsLen 27244 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab517245-8cfb-4e23-877d-614d0b8fd52d} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 4804 1e15d1a6e58 tab
    3⤵
    PID:372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.7.1852093156\1745297355" -childID 6 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 27244 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef1c72a8-604f-46e7-93ed-9d184f4b1944} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 4992 1e15d1a9258 tab
    3⤵
    PID:6580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5292.8.833920465\341526096" -childID 7 -isForBrowser -prefsHandle 5396 -prefMapHandle 5412 -prefsLen 27244 -prefMapSize 233863 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd057b8-d91e-42fc-ad88-ec1230f4045c} 5292 "\\.\pipe\gecko-crash-server-pipe.5292" 5420 1e15f15e858 tab
    3⤵
    PID:6672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.0.965505263\744904352" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1580 -prefsLen 21569 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5612d446-08b2-4541-ba39-f58f02975e34} 748 "\\.\pipe\gecko-crash-server-pipe.748" 1684 1b1d56fc958 gpu
    3⤵
    PID:7972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.1.2030823498\729868493" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 21614 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe073980-4480-47a0-b3cf-7b69f4dcfde2} 748 "\\.\pipe\gecko-crash-server-pipe.748" 1992 1b1d5337f58 socket
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.2.421548378\1539884972" -childID 1 -isForBrowser -prefsHandle 2700 -prefMapHandle 2696 -prefsLen 22075 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db3bbc3f-25c1-4446-8bad-1522545e7f2a} 748 "\\.\pipe\gecko-crash-server-pipe.748" 2712 1b1d913cf58 tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.3.1907198937\1194444080" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffa5edb3-1eda-4a12-ac3b-e825b77419f9} 748 "\\.\pipe\gecko-crash-server-pipe.748" 3412 1b1c3362b58 tab
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.4.1469858835\614790382" -childID 3 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4683cd8-30c7-4ac0-8478-25c4f3c310e8} 748 "\\.\pipe\gecko-crash-server-pipe.748" 4056 1b1db47bb58 tab
    3⤵
    PID:2220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.5.906362291\1272402331" -childID 4 -isForBrowser -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c30ad3de-9885-4c29-b1b4-6159a1710558} 748 "\\.\pipe\gecko-crash-server-pipe.748" 4496 1b1d964c758 tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.6.1959182562\932634803" -childID 5 -isForBrowser -prefsHandle 4652 -prefMapHandle 4656 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba8fac64-2b62-407e-ae24-0dcb3c9a38ea} 748 "\\.\pipe\gecko-crash-server-pipe.748" 4644 1b1db87f858 tab
    3⤵
    PID:1168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.7.752303880\2077878282" -childID 6 -isForBrowser -prefsHandle 4844 -prefMapHandle 4848 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe7c9e10-463c-43a6-8274-bf976556fd88} 748 "\\.\pipe\gecko-crash-server-pipe.748" 4836 1b1db880158 tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.8.911009773\749600781" -childID 7 -isForBrowser -prefsHandle 5448 -prefMapHandle 5068 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2744568e-da78-4c9d-9d1b-2b8fc3f9c590} 748 "\\.\pipe\gecko-crash-server-pipe.748" 5404 1b1ddbceb58 tab
    3⤵
    PID:5720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.9.2089439525\2088518908" -childID 8 -isForBrowser -prefsHandle 4272 -prefMapHandle 4220 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b03559ce-e54a-4121-b951-b0c631bf8ac8} 748 "\\.\pipe\gecko-crash-server-pipe.748" 5388 1b1dc956c58 tab
    3⤵
    PID:6808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.10.1064034923\1146545562" -childID 9 -isForBrowser -prefsHandle 5712 -prefMapHandle 9620 -prefsLen 27262 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {541cb264-5f7e-4eba-9e14-df3656f443c1} 748 "\\.\pipe\gecko-crash-server-pipe.748" 9660 1b1db882b58 tab
    3⤵
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.11.280890808\252471760" -childID 10 -isForBrowser -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 27262 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {766c155f-cd63-4e2e-abfe-5fdc17dcf106} 748 "\\.\pipe\gecko-crash-server-pipe.748" 4888 1b1c3360758 tab
    3⤵
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="748.12.845357659\542706346" -childID 11 -isForBrowser -prefsHandle 1332 -prefMapHandle 4496 -prefsLen 27262 -prefMapSize 233863 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c995ca-b631-459c-8629-e1a818af7494} 748 "\\.\pipe\gecko-crash-server-pipe.748" 3000 1b1debf6258 tab
    3⤵
    PID:2644
- - C:\Users\Admin\Downloads\MEGAsyncSetup64.exe
    "C:\Users\Admin\Downloads\MEGAsyncSetup64.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4520
  - - C:\Windows\SYSTEM32\taskkill.exe
      taskkill /f /IM MEGAsync.exe
      4⤵
      Kills process with taskkill
      PID:6272
  - - C:\Windows\SYSTEM32\taskkill.exe
      taskkill /f /IM explorer.exe
      4⤵
      Kills process with taskkill
      PID:7852
  - - C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\ProgramData\MEGAsync\ShellExtX64.dll"
      4⤵
      Modifies registry class
      PID:3360
  - - C:\Windows\explorer.exe
      explorer.exe
      4⤵
      Modifies registry class
      PID:4072
  - - C:\ProgramData\MEGAsync\MEGAsync.exe
      C:\ProgramData\MEGAsync\MEGAsync.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:6924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
1⤵
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
478KB

MD5
a667da6e422406bd644547b82f592f45

SHA1
cadd4b96fc4b7c3dce0cc91ea462611f3ce3ef37

SHA256
3f5ca51bc295c2c6c9e71a4464936e4808d712a93b2554a9b6be4b990952662e

SHA512
40a25f7492a03c5dcb5cd3e099b18366d1304821af13b4898d4d0f30c9d98df043b6733d226f0599e432c415c925782376437e3ed354b42dfab38a24c4206521

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
bae6e8c8e7296f92478a8669218d938c

SHA1
254754e7b02929b4a01a63991c78730fc4fcc6a6

SHA256
77504ee9da993a41b70629dd25bb535bcf526eb035313ba9cb9e5a70c455101b

SHA512
3e8034bf8d9e5e03c8e39684b878420d4b30956353860aaad045a7a65c1af68867579382f84d93982a29e96e75193be1083b0d937cbd31406dbbdd10c22af295

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
a9424c1b2a76efb834a992095550259e

SHA1
26579405976d517b1d59554fd23011ee39d733e2

SHA256
e397ee99dd6a104b1c289fb29420b9f4a28a43624e6af796a7f066f1c4265173

SHA512
796341e1405b5f02a76cc13f096309cd9237005c09024fa50a922ab97296f58f63f419d32bad0fbecb4205a854f602b9f6078b1934aeba2a506e67833e3ddf7a

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

Filesize
26KB

MD5
7dc7a16b5e42818c9249db888ca17075

SHA1
42f6b065b90017078fca7161cc4c26ae530dfbdd

SHA256
e696f4f231acef534d62ec9d99a3f4fc7b74a1c1deb3f9bbbeb4e94194bd9747

SHA512
f2706e0bb348a691d3cdc9d05ff4f71979804628547a41386aab068b008fe4933b8689500b5e45abf6afa6b6f1db3024ade2846659b2664b37b724fac5416a74

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

Filesize
22KB

MD5
defbcf66edf5e18b0b13c8062fdfeff8

SHA1
8c807de19b131831b72325455f1bcc3ead0a09cb

SHA256
a9d87275086fd2d700d588f45c3121eb6a75c64a2e6c4a8714a61032403cdb03

SHA512
a30e142679e942932d82fb8179a9f8ca2cd5882577de64e8e4c38eb84c99e359235346c35b6237133159288261b0f6e9032dc6b14f512e2a431f093187e1447a

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

Filesize
22KB

MD5
412ce0feb5a656c908775da52043c31d

SHA1
54a35431dc77d66fde2c828f10372142926b4c47

SHA256
7db48c44d717c50011a2fe2d8f5eb0214c817c7eef5bf1f656feb70270a53458

SHA512
2209d911c91d21ceb44a8e9375fefa9b5ea55cb800f49f709a7baaa56d52a94f5711fce850d880394f6ae78d23d0e3f1a5727514b970f940d0b670e2e978a997

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

Filesize
23KB

MD5
3809a8d9df2f73bd1b2cb6a727e3768a

SHA1
78f7f511fb688e49827105109e73affcf0447040

SHA256
a0f88af33c36c2fdb71b4ef157c1fea12eaf4fb30b0c51e4fd2a574d3529fa10

SHA512
d698cd445159fb2ee672f719d99c1feb1a2bf0113f8f5cc17233b2dc01771a8c1cf3a979788a91f02f6e8e299dc7c55e31e5bd3eeac4fa028a7693f945e29f6a

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

Filesize
20KB

MD5
7e8631459def09a456900fa9d3cba360

SHA1
b5204153e26b303598c473e7e92b01a87818787f

SHA256
9620d50148651dc75d3741eb12a8a23fbdeb5efc29f1be24842fc37d01b71f8a

SHA512
f813863475538f763733b0668f3b5cd7d4b6f7132c1a9df3b4665907fe6280d6d8c9dd4f6e3e06bfee7f90a2a527f7cd66bd647f08b8203664395f31321cf84b

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

Filesize
21KB

MD5
444e991f12d84ad04baf6c8eeccc7a9d

SHA1
f4bec5e01161d6f5cc9107f2cba325cc9b0ef325

SHA256
4b1f6e0fbc834a783ab8230e678bfd1506ae6c18b0ac0a5bef1d8344b5b2531f

SHA512
ff61397322d86f36a225e9be7444c643e2760a556311c97b230583b0b2788208d11f723e500c3d291d55d076b5cb0a52d92b50a8b1fdfe348fd61341b915f855

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

Filesize
25KB

MD5
cb5797745966bfbded96d28cf53e2f93

SHA1
1cdc380338f076c608a4143cb685e4cab2bee916

SHA256
25fbeecfbeec0b2a8ad45f8b7da31c4eb6fdbe413f46e75f40cd22d874c8f7c3

SHA512
f42ef0a3566f02a4487daf50725c186a0cd8c03850c569eb0cf4134ad2c2004135730ff8f672207bf12837980fe722c4581bb0c6c1eea5dcc9014da5719901b7

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

Filesize
22KB

MD5
299768cf839ca0926344233731549181

SHA1
773aa661c5bbc1a92a41b2f02e59bf1d78b4b142

SHA256
883cf4af6b2124bb70f51d683c7a1f4b3cecccc4ea61163b8c4ea967155ea839

SHA512
0de4317aa9139b415d4d10aba7f64cbfe39f0417e2d19dd8e69ada7d0915a81f71be242caebf5e019a2638d6d0457c042493c80ea0d24c2dd43c18bfe76dd2c2

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

Filesize
21KB

MD5
c61810a689ad52145f3b644b3e4b01e9

SHA1
ee7f7229aeea4a0ec6e18805b69d0ff928afbf87

SHA256
c5cdf3696ccd6e3e600483836c81b290e5270984fd7ca12becafedea42cd64e4

SHA512
79dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

Filesize
21KB

MD5
162e3a28c1b32a605d84cc18a2998ec9

SHA1
9c0a2ce21321f56a1ecc61879a9b2c1660cb4238

SHA256
345f2c774e182f1dadf8dacb5539dfa94e33a4d3effb006053f9ba17db6c0f01

SHA512
d2377da38814cfc22950bfcc42545542e33ed6d4939ddb102d1fb11ec2ff019e53fb980e97ce9a9a9926c0d9665d101dc12655a1d67f506a1456e5b244ad50d9

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

Filesize
30KB

MD5
a7748f70870a0f2cf2e5804d05f433fb

SHA1
ee74469bbfa6e5d04043dae2a2cdec1a777c5b28

SHA256
f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34

SHA512
122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

Filesize
35KB

MD5
bfb84603722e804e4697a52285b867b2

SHA1
5840e5e93319f981dc0f6df4c7d7be23547f6655

SHA256
98f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d

SHA512
e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

Filesize
21KB

MD5
2ddee14b7986e234a208189d650a2e4d

SHA1
ab60bc9393258e556c7ac20a8d68f632ad44ea6d

SHA256
fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd

SHA512
116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

Filesize
24KB

MD5
2ffe813470cfedf7384207e61dabf1df

SHA1
1673c446a89a41afff299acd0f74b4df65cc29c1

SHA256
e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1

SHA512
3288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

Filesize
18KB

MD5
1eee99faa98b0385fd8077acdf53e81e

SHA1
3191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde

SHA256
7d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5

SHA512
d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

Filesize
18KB

MD5
3ab7d825111b89950d8ca4b3da1c00c1

SHA1
cdf4ec4344598ca9593665465497d370a35aa178

SHA256
dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce

SHA512
ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09

Download Submit
C:\ProgramData\MEGAsync\uninst.exe

Filesize
329KB

MD5
7c177d81b521eb5ac45f5d17b57bc3e6

SHA1
540d248b1440a1bddc41e55c27aecd5fc5013f11

SHA256
74bb31d22906e2ac7121e96dae30fe8cd3f55d1213fddd56915c0ceaef8b8e41

SHA512
5f37b3ec08da7273fe6a17a1b0759bd6e63f3f77ce0dc60ba0289d2f0abd11bdd8c30bc999da4a66d8ac17c3a0f4ac7019fdc1084c05d6b3d91404a5f89f8d75

Download Submit
C:\Users\Admin\AppData\Local\MEGAsync\leftbanner\left_banner96.bmp

Filesize
150KB

MD5
1d8eef457fee93a80364111745d6d7db

SHA1
ab9a797a10744f0ce39ffcaa3040091a8c0d0c11

SHA256
7780f0337551bce407ccee3e6995ca4289aa3c6fe67da7065afaa862030f8957

SHA512
e81ad703d378fd3150b9f408792135006b0b67c705f170f3d045751b2081d271eecc718c9e15531542aeb65d991f555fd49747059dbb5b89d1e0fd77b8f162a3

Download Submit
C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg

Filesize
1KB

MD5
d1bf9089e96d23ba03398daae49240e8

SHA1
fe7db7a837a7af882cc41d4c57b8d31a09007eaf

SHA256
41b9c8b7bdf0fb89a71b7532113c340ec9d9dde96ee23429fc091136601a1a4d

SHA512
189b2ed77ef285b56f0e6ae41ace0fca7b4ffe045a4555eff8475aad355d58975eb5ab25076cda29956a613d560a2e8a93b7e010db4b3daa6a1b71ef1e3bb408

Download Submit
C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg

Filesize
2KB

MD5
71f26485f3ff1ed2bbba2fed81b8ccd7

SHA1
8465902fa560c77768cb4a20039e5e030627d242

SHA256
2923c99bf383ae300c3f41da5a707006904a6f3d946ade53100b24953a80c33e

SHA512
06b3ec04377902ccb4713f85930d5367d4fdd77a24551b097968ca7bb2ec59b52d032eb83b4e1cb0f97fca4b7d47c881995edfe82b7509a8c8f200d18d3bc83c

Download Submit
C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg

Filesize
3KB

MD5
a6d14270d117a430305c5a6885580f50

SHA1
09794e557840581f4f59fd09320196c33820feb0

SHA256
c47e11ff97e04acfc5a244178aac0fd397e5effb1d71ad37e0e8c880914215b5

SHA512
1e47e3408525701eef57ceff191c3b6d9267498595bf00c28946e2fd36105967a25f33a4ae77da0f29f986f50ed1a4a14888425cb2a4fca7465f8a0964b46553

Download Submit
C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg

Filesize
3KB

MD5
a67c5317b84b99a547363de094b037f5

SHA1
b06f1f56dc26b28d48872eb0ce8964cba995855e

SHA256
7398b033f2d3feeef64789e6931245caa5ef079bc8ed49cfcf1e4288a6de1cf6

SHA512
5f43e637f7ff11a557e4d8dc12d3437e1b758ede4069fa8b84e31e5b20c6a223c302753c9926102fb37cef4641b267d4dd8f9f4a6e7c226a2b8ac0b8480bf980

Download Submit
C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg

Filesize
3KB

MD5
70c1c750b5bebfd424b7eaa6e5089f87

SHA1
eb9d53f2671710d54b366f6ef55d05dfcc2a8d54

SHA256
0b330bf99ada82964ff22cfd161cdd57e04e06eb220da6a8470028cc593399c6

SHA512
09e1023753cfd75b6af9becae8f3ef50ed48af8c1d218b76c4b73b40e16f25ce217773dac52323d9d9f273c414c2a1433cb8d3004a6b98a3a0699dd8cad6cd28

Download Submit
C:\Users\Admin\AppData\Local\Mega Limited\MEGAsync\MEGAsync.cfg.lock

Filesize
61B

MD5
8fe35be3208f3d47178e2b4075ecbfb7

SHA1
3205b27b37003cbbbecf5ff64fae232475a13817

SHA256
6b61a4edfe1e1e0e935200c666cc834fdb0a131e28d131f4d0086cfbf2aca5d9

SHA512
cfc9124cfc94d894d975918f3d0f52e7417b2cf8c35422ab63f6561fdc6324bb0d3ddb437eae062ff02c703e3a30bdcbca15724daf62e501eea55829807c6c72

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13288

Filesize
20KB

MD5
787cf677b3bed0f45228b2ef4aa921b0

SHA1
64a9ed9d42ee0935c05989ba7cff1ba7f9b4fcc1

SHA256
6b4fd6f3073dfe17c096ab5afd7674ecf250516826799292003e39d33531c99f

SHA512
034bf65c63f1f8e8ba67da3fabb07fdfd12472dae9bce5a634f4712dccf49d2b14fd32cd5294695581c9587683255f9d549b45ec040bede5cea70c52fc977f7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17198

Filesize
12KB

MD5
390aa8c9bba23e21812424771dd2fa66

SHA1
9b19736f457f165f7e85e6b551c32f4e2379b0e6

SHA256
e6dbf40fdd9ba7ce8f245c42c09099867ee59142812870fc23fd2ba0636ff404

SHA512
78bbc20fa39cd999e3fb8dee0d2f388cddaf1eb2f0cbdf2e11b1066187f0a75f8c42e80c3d4156420b5ac82278840fec965eae069cf931f7bbcff1dddbd5252a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17854

Filesize
2KB

MD5
f550f45b052daa65e08eebd3d5fcacfe

SHA1
82890baa3803d4e4ce2c27010cacfe31d3737eb1

SHA256
6296484081b226f11822918b0b39a4e745d356fb8ddbf829db2e52f755fa3347

SHA512
3508f4c2284170dc99fc7e6820e18ef92679bc0a8b5bd43442d6e8d908db3c345a1fe7166ca5c0988c93d6630961b90beadc1794975e0abcbecbc9c93fdd272c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25568

Filesize
9KB

MD5
e0a254a3054e6329cfe756b4d99ba4af

SHA1
6c96e56e22add77f02650986d9f6da498cfa1556

SHA256
1268d2b01587539015c4de367c3d6e938d38f517f9dd9753790b93d116f6b5ab

SHA512
276537e37213316b6adce34fa463af63559a948201af4f1dd461e481736cd9229776f44c2fe8ee3738c06a575b59413d5112c95db3aa1a33c6f0e4d8e3d64352

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\31434

Filesize
6KB

MD5
6bd691ed8868b6a24b708cdde2ccad4b

SHA1
2f9d3c46dad20c6c8fbbdad6d6d19c8b095e1e8e

SHA256
8b25b7de4f7641a3533191d3ffa7c2c18e29cc71b769b2f6a65b4621d30c1f9d

SHA512
6dc0581e973ce0baf3578f166bcd3a4ca952a6027d658511144a1a0a069eecd1885ef33ff69d552ba9c6c170b903a2ddbbb27b142620981df33ddecf48da18a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\4548

Filesize
3KB

MD5
a2e2233d9cc40cd87408f7a58d0a179f

SHA1
9995adc161e023cd0891a42c4781283e17358bf7

SHA256
70c0023a6c2f0b105f8866b6aa333a8c9b16fbc777bccc5fd86a88b8d2577bb2

SHA512
5f9ca0556496b2bfa55280bb915a06e3bc01a09b6de2b43c9380a95821413d30839cfd32b8851fd058b453e14f334a2e393adbc713efe8be3d2990ea60193073

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\8472

Filesize
714B

MD5
c701b0e99aa350c55bf6929759863256

SHA1
7c07128f8214641ddeba1ad987636df5726e05be

SHA256
da3d93f7859d769c60132466a3366bf23ce4cd1dcc2572058dd4212234fbf6e7

SHA512
2c1d30815bf8d6272d9afb5308170b7dc3ee92738063ce1d0c23de34eeafde831af27153fe0cb5f57e47d1ff54478b9c26bab699563ba3fa01628e4c710fbe98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\02C8F2FEBC7936DEEE15E99D47C5FFF5EE314A81

Filesize
32KB

MD5
9c3274589f3b5e2f7f09ad5a31d7b490

SHA1
2b9798dae2f81a5ad9617ba8965f50bed3dcf8e5

SHA256
be29175600bce5d7628605f83e7b1fb79f7d6e82ff76b1f5f0125dea07e0052d

SHA512
729d19f5a72212de361b527e49a2af19976c97358b5deec37b72e6b37ecf118ac2c93be3818c5a84d342739a51febe734320c124f293a568f6cb448fd73a4d57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\04467F0C374319AFAEBE2CE43321FCC94D3B3410

Filesize
52KB

MD5
8b05cf8b3420939dd02efa2ce98136b5

SHA1
ade4dad02a7eae05ca8fee4c1aa617e346c79147

SHA256
50ef45a36bcc0faccba79a77152448d9a10675da61915e853ef1a62b1de81268

SHA512
fede6daceb2182998f445a56aabdd3b99ce1505f853377478088fb52a803eaab238cf4a92fad0ca767487eb48c485b401e75666e4dbc1e7bab6672eeb1a0fe6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\05C847F4C5B415754BF3E069B9EBC4473AE4EF36

Filesize
14KB

MD5
95857e2c04e740ba7cfac9295357871d

SHA1
6e6fb9d9f304e64a979f3cf887247b4375069fd5

SHA256
008c2dd6a898473120a4ec959f921757aeb5aae3ac15ccdcd05b03ee22d6f3e9

SHA512
f0bf1dbb65a248aa129a5533551cc62dfcc3159859a616fbee45090b91aff3f1f6e79f72ad06292558a0eb8f4f334b688ec0889d32f746332e64e61f286c4496

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\073A53A6BF006365842652FDC45660D1C05132D2

Filesize
88KB

MD5
4a7c05bad84eb0e5f1a99c630a56890a

SHA1
e1d7f296969133060a9c7225bf77d08c6a0cae6b

SHA256
ec7d18b0532d238957bbe41cbba4dc505c9999ac815cd3905cfeec54be23674b

SHA512
a05687c520fb453140dfeb66818a9f7d505b51e7e3e1076fcf6d504322175bf5b68347e75573191bd5ecf95d78508cb241998f21879c94e6bf77b8c5d0a90fda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0A73C6E23F02820E5C7F05AD9890531BF91D87DB

Filesize
111KB

MD5
084fa6edb17cb5051a5c29f0877fc0cc

SHA1
cb9663b4a9e0800d08f9ad4d7c812c4bc03f1409

SHA256
e204e6fbc651a687e4ae67748d15b2ae59c6f9fb0e3f2dd49fff4c6a3da88cca

SHA512
912f1e3ccdc977d1cd52847a572abb632c7102754411ff682a93bb7f488144d9d7ad06cfe3c00809cf8433961ab266fd77285b4265e4753880eba52f9ca33376

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0B7878168B49C74D53612BEB61B446AC030C5F5D

Filesize
31KB

MD5
8422b2c1c379631e5ceb37e47ad91dc5

SHA1
c758cdcfddc6622c87f1e7b2b483bd54ba48a2e2

SHA256
95ff758e8e0bc077d84065559960ab742f068dd5e9b47135a9e77fe55787b805

SHA512
fb31c1d60b0d69e7726288d8fbc3ace2df3d56575b6353c21553a9dedfd65dda62753671be61a95ec1075567d54532b8516877baf70e89b0be7bc700687a8593

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\11814592C0A60C76C45A4D3152808CF58A936E1B

Filesize
14KB

MD5
adac41f15b3e593bce99a5d6aa9c1ebe

SHA1
685b3e56436c958f97c3013cfd49bb81488f3caa

SHA256
d51555d0f4cae3444744754e08c455f2d44f98c11a07e8ccccc8e67933dd389e

SHA512
0e148007a58d7c05b7c7271dc8804357fda7a544779e92decc8d81fce517f12c9cc05a1bb9d9197dedaeddc59988d7b46c3927995b9c0516f6f7ec345064b6d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1378DC10E5A7261D469798D7A63DE338C9153052

Filesize
19KB

MD5
c2fc2eca488cb457ac3dbacb163bc2b5

SHA1
833452bb1854a4bdb8ea383f44308b47bb787130

SHA256
ecf32b61d3f942fc97bbd24c2092e5b7ce036fb255471ae8d800d284171ad93b

SHA512
e9389fafc9c6769e0f0fbc5478609e1910ed4f42fbac66616689ad060d09ce4b2a5ee14ee8a6e31c31cc69648bf8c24e4edbd9b19b04e5f0911d1e10a8d83294

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\17744E8738AFAA54929A7DA3911CE1311A7ECE25

Filesize
22KB

MD5
84094086585c5658c78583d3b95f933d

SHA1
729271f4df442b4bbee1123209db9b72814ebdf8

SHA256
88e856959106e6f079c660cd002a33d15e5ebb7aabe40be792b8f5b3427c6442

SHA512
bc4740def993d0fcbdd27576f372dd6d777aed854c909d9abf58d7167fc687cc068a146a8010e79690ee63e5537cf1b8b4c9846f44f61d3e2663fdb2e808bdaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1DE9FAE01E1E957F1009D37AE5200F1111811A99

Filesize
88KB

MD5
0fea9d75eb06941414cd432505a09bb2

SHA1
b708d77a1227e9632826719b87ba2e0ae82fd9a2

SHA256
58e74d66ac147a0ffda2f6823b48dc4ac637099519d154770e9cb1be1050a876

SHA512
dcbe6d8a67f01973a303516de7016d2ce64188853efc486881eb4cc6d47e2fd674e878bfbf7566fd1a283a2a6b655852801b359a602ea32b1cb828c4a3c4adb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\232C0EC2EC5692542F5AE7D26FA95FC3EC24538B

Filesize
8KB

MD5
a1da96be29523974c328cf487dc97667

SHA1
3d215f4b4b16f8f8f4fdb3a685a54897f5905a46

SHA256
a5ee2508761998117b21725c7abd8cfe87bfcaec388c43831cf7af482eb1bd5b

SHA512
2cd53eaef0faa62e390e2500921dc5274b0a121273f4731442994d37fbde3bc21169da526b34edad1ac61b6fbc03aa95efa68ae1851e5fca5653fc7019dc33b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\277354129DEF9D9EF480D10FAFDF9B5E87726A0F

Filesize
32KB

MD5
9560643f3e726511e7135829e0bcae26

SHA1
a3ba5eda57a7adfc1d23cebf7d6bc7a48e3a709a

SHA256
c373caef74c3f847b1eb2388b5a045ab93d685fa723fe644a1db76ed1e162a1e

SHA512
170740195bcd93223540e76ba18073fdf78fae334128bfcdeafd3c92695c778e5ce869e3eea0b922588f98f27d920a30b2c2c942075a2c4bef78de8e46aee4f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\27DDDF6837E5DF9EBAF30F6B6883B51DFA77C9E4

Filesize
13KB

MD5
4cd99e061b4e5299bd0f587b7ba89692

SHA1
88b0ed6e6b22ee8ba851fa3634fd90d14b4e6864

SHA256
f169ebd8c5a5795336028f1d27b542f3263c83e0b3c8d2235bb982776d6b9c5e

SHA512
a9b5282c00cf7a5d94daa85993b520910cca6e5215294b0644594335e50ac454bed7af886f0a447a80472e987d4e28c65f713116b264ab54cf2c2ff1345a67e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2A2858AF962DFDD41C4223B7B9B1890D806D7FFB

Filesize
16KB

MD5
4d5992b1183657cef87b9805de370922

SHA1
0dbf29d4a7d7da6baecafaf4cfb7a0ab476e5c8a

SHA256
aeb727c831c92ed1938bcb302464a63c87c8ee6cc7237cc8787bff885944ff1d

SHA512
e99da852d3aba842da4615e093f164a4e9ec80d713a0bc7e776428198985fbac0ba83ba7267fb0ff5b6f52f244ebf5dd5f35688b38600be368d73329bf25dde7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3AE8A7630FA301F782F91C341869CFEB9C2E9519

Filesize
16KB

MD5
192404ee15e248e9f220a6a1afc6e1ed

SHA1
ad17dfbd6f6312a9b6c9250b1ca118c2bd4919bc

SHA256
7201ae3e44cc353bb93b143e2914847a0c90122eafe818afb106f5091300f406

SHA512
861f89f34b6c11e47427d81a75c0a327e691787dc13c90ba252d01cb5d7ca4caa4d71993ba4ba10873a409b3fafdab1fbca9d2e266c0a2444223f7897575c78d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\41C374248326BD3CCB40FDA569C45FFC5E385F34

Filesize
14KB

MD5
5022aa0a268a45af3c7eb16a239efa40

SHA1
2249ac8d8802643e6d76d31fb0b030599bafa027

SHA256
dd923c8f377c5471cc8cee849a9fe1b321104374f0fe875a49077c649eccc943

SHA512
4fd3e81d049e8c322d8894441733f8485561cc28cb63e20a6e172be9368ffea7bdc08c7db4f44b8e4bdafe70286c9d7e66776d0f72b923b2696aacd964b9efc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\43AF6A0B96B65E9C285379BBE64C9DF77572921F

Filesize
1.3MB

MD5
273028ce64c7569ee8f975192c3b543e

SHA1
54c22199619943d6ac1a821079eb1aaa9e9ea98d

SHA256
a055c67cfa593aeb5400e891cb2aab00650de40e2f0acb409a9600124af2ac8b

SHA512
0f37e005c61d08a02127e7528ec59997c9ba836f4f858e81e3d3525ea94159a3168838e88296b92b29062d24fed27b65ee3ff39bb2d2fa47fd9a2d6ae34da555

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4

Filesize
1.1MB

MD5
f8dccaf957945bfccb33910739139ef9

SHA1
d5cb91e032c470f037d1e668a73a42de057b07be

SHA256
4bafa3de28a38b2bde8b8e6cbc747c34b929247f99a2688f7d34e21ba7ec8d18

SHA512
3d014a67bb35f11c7d5b0c1ce8d9d1a8c88ae06bf4220ca529577abe773cfbd89dadef2967f42f6451f590ade4830575372fe2a2770f598f0e27bc0b905a905a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\483902E671C16FB8A774F2E9388F2A79CB7F4F8B

Filesize
140KB

MD5
30741221db64883100e5bcdaee020162

SHA1
1314f3902ecf49dd7bc5baf257cb34c46064d966

SHA256
bbc5d7b3244bee30e3bd7d5868f0c3346f8879e979a1ba9e893968083d0d4866

SHA512
de64538a502ec3feb88042774a81cfe2357da152b787a3d2c94cc8f0c545caec69c0d92ad9324c522c980ade64e55f4d7a4e1fe180da74467ff3229d1aee9a23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\483C26C5EB9CBA8F8DC58D68D0146414CBD8B1DF

Filesize
62KB

MD5
dda13d739509d8e961873fb7103f9443

SHA1
fbc0e3fb95555e9e46d996fc36d518c8592ab5e0

SHA256
655068602b3ebf0b1ee2f38debf0975b7c978b2920d12d1ed1d9504a4515864b

SHA512
6f3013fc33dc62a4c1409b4edc66981e80d0930d37f3f2e2d9ac597aebfbf91f9faa0e997d7ca8f429c664b94cd3a96b47bca0856b13915bbb8b4ba906d0c1cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\49B79B8126331C6A1380238B712ABEFC85B925BC

Filesize
17.7MB

MD5
e938e284014d1254b56d34a9da04b62f

SHA1
ca9bec6deefb841f53870b32cce40e2a163151e1

SHA256
44a4b23321818429a04f425ee1f2ae1a0c651189f01110e6c9a7773df4c8f528

SHA512
173c6e26124ddebea480729b4bbda326e27b5c25444cd97f0ddd2fcf7ac04ee694ba6be620a11aa5be8468e816e5b5015dc72ef34448dc698805e2dd22f27205

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4C205A95923EDA92FD2CCAB54838CCB47370BFED

Filesize
13KB

MD5
ec1e7c43f6342c1b1e1fd7b758ac5f17

SHA1
e34df9ae9681fcc843fde109d180b836cbfd72c2

SHA256
9648ec66ab3d3045aa4da6b703fa172cb37b83e0317b61a2f6c15519afecc63e

SHA512
af1ca1903972d580e434bb735ac41bbccd82b2cc8837871d88e622058f7ae63502291e781c8ca5ae57186caa9da260c7c7c1917b21797612ac2224cd3fa124bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4C7B6F2CAD8B3C17C2BFE488FBEA72FE061AE34B

Filesize
20KB

MD5
bf19c29bedcbd1e4e625b8cdcec618fe

SHA1
20d6f0bc5b2185aa60c54bcd2379a6e43c0582f7

SHA256
601fade6e215943ff9e57792f109dc0290b252662feec9fffa6f9065c462d30e

SHA512
a27fa281cc661f9b8beec4786a71a4c1145f992749b1a5d2f65fe87e22b1869fbacefacf1262226249fe5df726a54acca7add2dc9026846f244c62ba6aca2334

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\526ADD4D09CB23A5B5179163837EE9395052BDCB

Filesize
414KB

MD5
626a74740ec7963fbbf29af8c2a85dc7

SHA1
c539715b239dc12432e585095282cb5a8c5f6237

SHA256
b6da61d2d2484f168400cd46a96532478ef5f6fb5a43532656d853675c6c25c5

SHA512
d1574b3ea7c30ac0b27a8727dfa955cedec52a12f34b47d9cb3074fd70e52a604a511ba74a946583f518e46a75ce3dc4a3ff48f2f792ebfb51934261ca255a04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5524427E76785200FACC0DF8A5808E07217D7E24

Filesize
14KB

MD5
7461439dcb63ad9e73acdd305b153090

SHA1
c245aa2cc99bf3cb8d07a04be33fb293722c5ebf

SHA256
bb00b11cd90f7d769f30893482071c7b6d28f13ca12f234fc0f984679d18c5a8

SHA512
7df2ea4cd0371f174ec53851641ca64a8f80160bb27db1a24d4e3518c7f27dc70888d66ace5a230f8c66fba2598f7b02973aa2771424eb46a009a29c3277dcdb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\58C00737E308843D6EB80760F3E07951953B0ABA

Filesize
15KB

MD5
ea65020706c90b0e47d6be1733c0d5ea

SHA1
85d0a9b056ddd2bb9e88a7def3c2cc31267d8404

SHA256
e4bc2936445a3c6eeb94bb4cf63503c108db608beab0cbe1f7549888521ea273

SHA512
891a6a81d3927ce27af7f805734bccf2a454ef21b0cc3c78f30d17f046109b4f58bb707a8c57b6efab065947f32c02d60fa105754d8304185e56b5e67312e3d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5F0C742AE8A57C7CE41AEDF2A20D59AB7F578F36

Filesize
16KB

MD5
d9b3fb16620d7c869b3535f7b53e8114

SHA1
5299c93b55cc1261f4ed8f10b39ff8ca75667e39

SHA256
9c1dfa73217ea23fd6f654b6258906256ce1384ed6ec1afaa27dbba8c5e2ecf4

SHA512
cebfd2169e659476dcb832f942f33c66564265ef574d54890bbf808e61a15430a68e4efa30ffc50e6dd8fa84957242152b0a3b0e2e715a8ddd227bd393dda72b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5F236CEC6CBCBBF8CE12C9EAE8B51E8DFB604669

Filesize
8KB

MD5
36913a1707e3fa3db7ee028cd9f1b4f2

SHA1
cd7802768072ff04b4d85b263e8e97bc7512d4ea

SHA256
5b0d728ef2860ac8639b1d223743535fda0472a8c0311526f860c582fcdaa91d

SHA512
cec1a225bc7c647f033a8e86609eab397f6b20af939d53f203e26003f7b2c4d92158f8e6858ee043279d716bc7971ac9168c00d0c62845509ce3126cbb69c751

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\60D9D3987372306BA64BAF2BCECA03C0A7825B5C

Filesize
31KB

MD5
c2a70e4df95ab5c9655f9aaf888895b9

SHA1
04d45b0d1870b92a3552099d1f17fbe0c030f6c5

SHA256
82612655a7e9628df9cb99cdcf6615db8f91c88891a6b87cef595c0be5e401ea

SHA512
74222a449feaeaa0213c65351ff6401851553b6d0f1365c099015ce9a107080c9930ba08191d7701c5708c384c6347189d999e3247ae9e921666c3b625515d4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6171C3DCD3501947A8FD700724EF6121B8CDBFBC

Filesize
13KB

MD5
abc83c450b715bda3299bab148b290d4

SHA1
d078735341c45aff3601404228e980ce72a102e9

SHA256
f66fd4fc2ee5cc76041dd9cd4d1b764cc0a66cd887f58b29a9adf5a4b92aa762

SHA512
16aa9fe4b59ff9b60212915723a6ac49ccc450d8a74b97c0908d2f972f2ca9ec298d14e3209f8c7ce62a79c79ff176a4122e8ee18f2d766f581afcd29d7a1808

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\61F9A63CB31614394E1C39B46B1F031053EB773F

Filesize
94KB

MD5
fa53377d7279ee7cf1298ef052fdfb09

SHA1
9b79c22663484b1c1a261172bd848c32486c7835

SHA256
8a0e25fe768fddeb93b809bbd3faee97ed7be68ce74ff6079f5ead50a8f03da6

SHA512
0309089e4e888f7c31c301cfff796d9aba4755528ed5ef07926758cf90fd718dc4fbce0a7f09fc0a2e2d10d1a527aa28ca24b7056d82bd1c1a642e478cb5e723

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\64734067DA3FCAD3A190A95377C1AC95EC2B62AF

Filesize
314KB

MD5
7a4210275302dc52e573065b01ebce6a

SHA1
04ee456efbe6fcaf03c874642a660eb46c0bcf5b

SHA256
d7147653b3e367d06f0bdd13398437136e4fe669d81bd63babaf4cf4622df2a2

SHA512
bf6bc4d7e21306bf30d4db23fea28c7a419f873eff6a0f397fa610f7487a05dda9e898459aed60ef5db659056e5333c90167f1bc9ef1e6b21e651a1162b3083e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\64B1DE9D6B34698E1A90D3D7C812BB73741446EC

Filesize
28KB

MD5
47f44b2e85b46dc200b7f30cc02d1d96

SHA1
ad9c8c15ac944f5f57a77dd1cf25cfb5b08d4821

SHA256
fa78d02dcef4af198ff3ca997c79283551cdf2c0ccaa1c9fe479ffff7cfdae5c

SHA512
fefd9a67cdad5658ccc9bd3ace38c951b4196f6f3aeead91d562d7087ffeca27d036b40ef9ba97a913ec642a3f33fab2a3489e5a163a37b8c6a2b1d5d5c612d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\65A8E961DDBBD55EC04CD308B2503879B755B039

Filesize
93KB

MD5
6800987b40ad611f7998305a6acd89eb

SHA1
217dc693dc920cf6b6eea8e1aa7893b7af11f5f5

SHA256
0b59d807ab640c24e77a0b5be62ea841e6c3c30baca97993ece9316b39387214

SHA512
c8d55e3e8cf7dfea3eef1af62427a66ef39ab8d848085f36b7ad05a61a18ed41f05702e93a03771c75f502602f319da1c31bc58f59bf2d223e65dda63a8db5c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6718705F52A6665651669F64F054BCC011C4766A

Filesize
71KB

MD5
033cee3c7935953b4249f7c554d80dbb

SHA1
027f4b59e889bff906636729701fdc6f162ed66b

SHA256
d7233e87d42d84d6ff26e141fdedc580948f152f9cc29938584a89c0be287bf8

SHA512
fddfbc6226c8a4ae4ac0b6bfdb002e203e06bbbc75e6b83741dbee771f98ce8adae26c9baff4577e8ebe64fd9223bc6d472f575ca0cd3d138b2e4a49eec3eb3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\70BF68727BB48ECB184C4AFE3BC2677CE1F781F6

Filesize
35KB

MD5
92e8a9bf6a3ba53ddad6a40c657cec0a

SHA1
3fd21ddfb9b38f6b74619359d03edee7350ff39e

SHA256
fd3b2dfec3e79479e4a245ec47f816e9b2c6886d59913fa400b5fd1ab45152d3

SHA512
61a72f25dc904f5044ca08b57691447f1118207a50fb2b84bfb0adb572f668dd4e460548b55671ca87045a859a5268e5988d5e73caec9dfce3f418abf13b00fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7293FD3AA63FE1D29FC02B00F83223F364047BC5

Filesize
14KB

MD5
d5d53e68b21b732126271dd1d7a4b5a9

SHA1
0e16c2f7eaa90e9b3802e680c03d50f88eec4c40

SHA256
5e679267a36dd3fa8a9b422079bf30b07dade6f961feaf1654418ae7c7ded78b

SHA512
3e879b98deda557f12b7d704bdddc1f3d87228799750a9be29df31a46b2b3586f2d1868c9fefa5b126fc25cc18679afb9a048cceda67536502d094ed760483d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\78C5602AD9B870C6C4D381677456A348D0186FE6

Filesize
97KB

MD5
7b0b1fe801a5fdc4f54a08ff98f017d8

SHA1
6d7438925153e8734127667f29299fd6e385d74f

SHA256
2aae0c78cbb82b5d8e7ca5d8e51f29e92744b3635037b2daf98e95832c32cf3f

SHA512
a92981e151cc9632a6224f94a4b2e13a68555f0d6ef8a42f6068a2011b46a9fc110bfd9976183e49a6a98dedf80b5330456b00cd51d707ae87eac2f065c42247

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7A591A4D69FCECB821F6EEFA118A4F6B305F0D8D

Filesize
229KB

MD5
c7dd9589d4e0c08fce8f668d5bba0a3b

SHA1
7d710839fc9259186077b4358ce981eecbf2fd77

SHA256
9b88a346ba04207d7c29f63cae38acb761060a80c2ecf3c3acd176da52d36670

SHA512
502afaeb99ed329d214b6ab0b32dd4ea05fc12b0b84dda054abc6496168452546cfe9ebefa1dafa3da34fbd58073debf893967f29f7c54bee87eb88fe18e30ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7C4BC02B90208421A2529895012633B497D5A4BB

Filesize
17KB

MD5
b1dd09b003130eb8bd56f0d24d036820

SHA1
ec70410b5fd6371a67ec0d56c83972a08aaaf9c4

SHA256
d1e4dd5380781e40b22175495482cbef36d2e44771a8aef43d4a72530e9e12ea

SHA512
c43b6dc348f8404c0dff0bf4acaf48400cbf2315ce985027a843d1616807712b8d0b84ac8335aa4352653d92eab5f2a7209be3f651ecaed2a4dd50e85d5f95fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\80D1F3ED7C558610683543B9A34DA150D8E24818

Filesize
1.2MB

MD5
1d05b5c0589d8284d9b400f635bbeedf

SHA1
728198210c0714262b642582ec63f8f3665b62f2

SHA256
f1bdc6ff0fa20f049327b2cc545b6a15b69e71bc1042d2aa6717ac9d458d64e8

SHA512
4a7f850b459a7147510473fe72d84c5e24865ee6057e919fadea420d1b931e63f197332fe0f03fead7802cff90092adde2d8a54f41e0983d88a683af8e150c2a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\810BC7BDD1F26D3D370E0573083586FD003F26CC

Filesize
15KB

MD5
b4dbc63d5c6fd840d2742011e69ab508

SHA1
6289c299084f7532fb8a86aa3aee0515303685e9

SHA256
fb26064e49552c4cc6513137c4fef1509ab13bf07f0791f57386e9b24bcc4768

SHA512
baa628f1270410cb48be7078e3fabc58143a88e6d29ec0f9fb40ca9bb357c08bf1861403cc4841b753af6289de96d3f8a33ef983970c3511e586ae8d35518607

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\82FA4133BA387D91F5D1FBE5939209A14D4C1E6A

Filesize
52KB

MD5
01fdcdc492839ea3b11217303480789f

SHA1
18ee5af533fa821147d3b0ae0ded8ffc9f50f6f1

SHA256
80dff6b55d7e5c87022c16724e61b01e8f666b33c44d8d51653656125d274955

SHA512
1cd9d6cf0fe2e3f63a30c880396c660f287e74f41288a489d4f5be9c76697aa3f716745d478e4e5962e7669b613b723d7e6cd79ec0633c7751c01de4d9c412cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\83923E324C8AF651633F913323650392190B8857

Filesize
47KB

MD5
accd993877e151c8d29be237e18540e1

SHA1
bef6bc016679199adbbc91a3bc3ef643801c010b

SHA256
4539d1f57021d0f7e084562361991583c02caa11e9f63bac460d23c001831d1c

SHA512
ba146de1c7c008f076a8fa6c2a40711d4aa0e854c8c0a12716373c6f2ba4e01e160abb3fcf0a879c85bf26c0b1374d701784f737e7efe5ac0406874ea660a662

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8BEDEA9D51609B0EF5FAE4B7E34EE86D752D295D

Filesize
15KB

MD5
b00097fb7ce90d0dc0a5e2ce2d11ba7b

SHA1
c2079665e80bfba54936994cf4fe4afde92a712a

SHA256
876cb009711846665f1e76d0995e1811899d0cd7a73d8ef1ead782427207e0d5

SHA512
e8aa1cff85e19c866b698405bee9ca45156b5caa0ac3d860c58325ac1c5498724013691b65f7637913867e468908df97da8e84e9c3c9942b30d7e4328995ced9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8C882D7BC348B8BA3B613F6E985ECD964F8370DC

Filesize
137KB

MD5
00a7e1034aa919aed8e9566ae7dbfbd1

SHA1
8f2fddd3a0543d85dc9d5b70c89bac12ad9f7463

SHA256
26af6273f2cfc60811816be735f1ec5c494d8a863d5bd3f5198b53fc357f7f9c

SHA512
af216dfd6a163996a94ca74cb3ba11bfb338589c6f762d322c08a4f317f4c13122d442ec14b6da835849b265ea95bd5abe87f397a786d0a9f6ad13e95ed4092e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8D2DA0CE21FCB7C9C778ACFC2B9018C3056A7732

Filesize
600KB

MD5
999d215bc920599d76b407f26858f653

SHA1
e33a75d9feb7314dc5c856d96d9ea1c91ecd6300

SHA256
89d4e2bb561779852b0795fea851004110702fcce2ef548e948cf09550a62f32

SHA512
3d54903a99cd950e58b1306c5dbf59fd88ea3754ba986cc11201dc4c8d7a8437d9995c634c60f83d50e929ba6275f75895cce3b62a48f75c2c9c37cb10ae1eb5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\914C32E3A583E48AC9A8A42F871B51B54F4A3BFF

Filesize
14KB

MD5
87bf3ec49987b6d1506910ac60a0c7b4

SHA1
1309965ef32726287c7171528139de69e1247c58

SHA256
522ced352d168e680828cb7c0d5a845ad60df92a6b31aee7719956e076c7dcd4

SHA512
4ed3d54d06d1dad36c69445cfd13281f1428629db9725f340f8f09922dcfb860047ecc6688d64344e0b13de70d664a9e4a3efa938654a0f4510fcf7ad0bcb726

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\92472922F93BC9C9DE6DCD9C670346CBC2FBEE02

Filesize
379KB

MD5
cc423a88af7791e11c8f79a4239d3732

SHA1
50f454743b7866fab46cdbea4da5f12c01fe86c1

SHA256
f17777bda28df1d19ad4e4d571a8b333230a457d97fd712f8e51b7382ebc9098

SHA512
17859d0a61bb0e1e304bed698103008e9e4d02a13b854addac7e699c1a12008d906bffdbdfa297242298887348e6b7fc4cbd8ac845d7ae465018402691c37ac3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\924A3994B50470069B9B0C5431776C971F042F4C

Filesize
368KB

MD5
c043c041cdc80b3c2b88e1eac03b522e

SHA1
142833f2230b80c4acfafb758e21a5c59ab4ac87

SHA256
25e12ba920240d79bb5e29acdac1b6c9ca0cd4947e66e92e1d3c9e8742f7e131

SHA512
30f69fd05b765d0ef469d575c5464a34a9eda507ddb13d7b97c4abb377cb1a7d2475477e9b77994cf5db2b57bd86b7c2ca032007a05be7edfe5176e2e9318e35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6

Filesize
2.0MB

MD5
d591220231b048e3c0c1d745d99f3883

SHA1
604fdfb91e0179e4e8306061899480a9a6a311b4

SHA256
29fa58d8b7357d5999a7cc373c506a32664f1494e73ff93da1e52409aa9f2671

SHA512
fb707465a4ea0df42c71c1f66741aafb86ab73c1455e4f45d45cb834dd75f276da35641abcdc75ff93e7c916f30dbe825e159155226ae2c6087cf7d64eccd2e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\98AF737DD946CA3B37F8CD63EC1E1756F57F2E19

Filesize
68KB

MD5
fd20906785833839ceaaf39d4c74f4a7

SHA1
4fa84f566bf227f0b0dbe35731559566f4250dd7

SHA256
a8df50cba846353f3a965c77e4e3737ef99cb2a822e20113c0acf20aab479ba1

SHA512
681e51738c55bbf55966b0c37edba6a6911f20a522f5e7943d16fbeebe4e7a937aad81e51241aaa81fc97883550b72e026a2589964824f901254da5fb7f820a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9B9C795E8A5FCC4FF1D7B43C7BA1A33A43268873

Filesize
21KB

MD5
1cd85807c0b9c1d20f6facb374024979

SHA1
e5e58c0d7a13455cb4c4ce50f82694afdacd2efa

SHA256
774d61cd99dc57ebfff522f6561fd928a95893701191495e56c94229591e1e9b

SHA512
60dc07520e7e6cebbcdbc745a2a96dc6c6222d06f47b9e42bf75f46740fecb060fdeb971afa9944ba01ec49f1ee0256de90caf726378e21d93bdb530eb2360a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9D994EF872E4AFFC913666DDFA5B18CE111C574C

Filesize
53KB

MD5
f2f9104f7e28a4009da89efcb6f695c0

SHA1
f69f489ce5a164caa3bb827fa4a9df92e9861009

SHA256
0a9309f1122bc7b0a8a17f2ea1dfe6e002fc50ab532e2f0c43757ce835f0ae31

SHA512
9127faf2443aaa7354a8bb28e6820fa2f5ae0eb0a7643dbd708f1757327f84dc845ca6e1ff9d1fcd9eebf19bf578334ad00c99349dc8a90332b8cc56614f3ea3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A0E66EAFF8F66C8816DAD2B46D750D4570C81E75

Filesize
39KB

MD5
010889ee2667020e6decbf3ffbc2fdd9

SHA1
b7087a65f231c84b2d5ef87d09fe1e4b5271eefd

SHA256
5427ddc7dbdf9aa4cb8ec84a71eb52b40beb98fe523ede968f421fff1a57674f

SHA512
6e599184f8714c85b0d4098a2d6c2fac9319aba51e41db1a8f208cec298d9639d3436c356ce346b0784eb30a9a7acfad605d588f65a62e0cac1e19b5d22f1085

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A122D84CC4A87388E5CD003E12DA1D90DB55C54F

Filesize
7KB

MD5
41c0daf20bc4a5c2e3bacc9f4da320ab

SHA1
39ae7b618afcf4199fe80d8ba234c64918bc0c20

SHA256
46eec98fb49ed16080316962bf1524f6d349aaa90b42390aa3cba469a6864453

SHA512
0cd23f33880eeb6ae7978c82a6e18b46025934a81385f1f68ed6b6c9da94cc3d76c1695e46eee3a168e7ed986c6704f8c232a4d8f47c109ca5e3a54627baffce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A54038F45D60255A1F3141F7FF0A1190BA3EFE25

Filesize
35KB

MD5
1c8fa692f1b62aa396f9ce5fe8e664a7

SHA1
bbf4c33b2fe2475faa6ad3cc8901ab7e54330537

SHA256
ff32cad3c906e523526eadd269b30d2fb4a6d0abb19726696262269b5f3d2593

SHA512
b2f9c435b9ad0ce13c658c6f17723bc13a6e6b2d4dd90e59df038711eaab2a13d223e7d91594edeb4286282be09c039f9d444b1cc420625aa79d1ee6e7471b2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A54BFC018A94D8CC549E6D8738E8DFE274855EEE

Filesize
22KB

MD5
0faa29038f91ac39ccc1c8e4611b54cf

SHA1
f454fbfa7ec82d83a52902e9f775033a00b0f7f7

SHA256
641d495c5f6f5fc581468b51d5f6ad483961e630f45da8f605d472c44af3373a

SHA512
da44554b6e5a924e54c320f75c362f085c3a68df321944bd3c5bdb45fdf36f078ca0ee858540bfc30eb6ed8f5b81e30530fcd9cac43bead66d5b11cf2765ea2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A5CBC6E1DC23803E9AF6BDD194C7A367F5CF0E76

Filesize
16KB

MD5
95d1f911ef5ae70b6b6ffe7fb5bcdab6

SHA1
6a912b149c1bd094fa15e943ce01f32803cfd47f

SHA256
f3c961f4080849f8c754bf35c44742b1638baccb303a97478c939f164a444c5c

SHA512
35d673e80bb0f989f1ad6ad9be63196aa0fd14ed91d6f964d4531b9fda6c27444d0d8cb667b2d634b62b8276fea431b48e2943f80a0845d26ab2e8f1006a610e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\ACFF9664428F96A0DA0BA39C44B95F5EE330213C

Filesize
6KB

MD5
94c20dd819432452e91c48257b93efcb

SHA1
f30bbfae9ceb9e7782029c79d710672303d66053

SHA256
33de91b98890dfecc107a6c38b511d80a7ec20dbe0474d44284ea31e5e8c309c

SHA512
3a3da9dae2c04929bb14713f4c721f58fbe34072a5ee2771846387af3dc96dbf1becbb0d9ccb69c491e27200c84ad4c1013253f00f27d38d64684aa829cba1cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B02CD1705679E135A9D4633C85B218F56B1443BE

Filesize
141KB

MD5
a8bee7ad81a7a09b245213effb4c0263

SHA1
4afcb7c36ff5b8fcb6cd930553fec0da1042ca39

SHA256
e8320b74e1582eceda4bb6a0e1f6d44e82c7a2a2ac13bf47443007870729b8f2

SHA512
fa18b1e0c225f29b8006a1613b9d678969444bf096974159201974e19a7d00f9b5d725942f4ac933f207df99e46169bc95e778f2ab2da2b34025dda89f4714a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B0E574806154BEAB30E9DA6D4613BC6B502A7C7F

Filesize
206KB

MD5
76e8b139ef3094afad6872cc9d3384de

SHA1
41e7b00005197bdc3e6c5b7bfa87bbb5ee584fd8

SHA256
a71ed4067f30c8a850d25149f6a76a07bf9dfa66110209f8c8645f558d35f955

SHA512
35dc9866ce3017c124134199c59e172c533e456fc56e197f54ba60f2de78f9ad854cf2160c6b6367f695d5cda5da61ef8da8a1b7295eae03ca008d40bfc1acd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B2594C1FF313831D20767E765E1A9F8F814F5015

Filesize
5KB

MD5
8b33388df147cd80a487a1bd931cc6c0

SHA1
cbd6e4d7525a066fe9f84d3ab7435c2e386c88e9

SHA256
2cb989ebba82163a90cf9d35ea15b60e4aeb37fe921c5a68cfc87a9e4345ae36

SHA512
aa8742065e4cbee988c5850e8ffa0e43286270f4b8a919c939f23574894217e275d8051a375b435073d7f797767bba81b7a37dd95759d1036e0310b589f231ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B8953C9CE846AEF79A17A09C295C86EA92208F3D

Filesize
17KB

MD5
27fb36f5b29a88b0fed306beb32a67c4

SHA1
1455e842bac30c704cd929b24942fcfce58566fc

SHA256
468c492827e9ba0dcb5fca3c97c23a7d0ca808ea1f72c58091c8babc82a95f73

SHA512
d1c9e7e31f738b11e4ef6c2f866088f937fac9709700c1f9d6897cec5ce21549371bc4e43e5b2feeb943d5e99dbd9b932b7f50d20a98a9a25db35e8f1a54c59b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BB8958F7B3BE8DE51B4D1027F7797252755EFE81

Filesize
40KB

MD5
b4a731c98d4542e863042e2e7f605fb8

SHA1
1a7a677526834f8dd86c8e64ddf88dc5d343a2d3

SHA256
b7acae0b37b0ef8237e3f050de9fc38b443c6a40ebd00a099b22eab4d62dadee

SHA512
be6db861314e1a4e97df107240682864cdeba07b3260093a637bd78b172d92fa44515d7af44696e71bc11255e5b58ad071dd0036e96ffd16b4d2631a77a7d827

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C08A59B3B1595F0BDB04750BC2DAC00002FE255F

Filesize
65KB

MD5
726c51873568b6fc9592f1ec720c6179

SHA1
3d1ee8efd2d6492dc56e7682337f8363448b0437

SHA256
2189e5f5c7f225a735d6b5a8fac630cb8ddbfbfa656c4c8b5167a9804ce6cd98

SHA512
8bd55474897df466322ec026343608e852286e4f5a7097f751d4e8915889cbeff1bb8bff81c60a40964ba2b74da736b79041dfbea1d55b8aa451d2c8aca80242

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C9D265AF42BA976B0724DAD6449EFF2B3E384F45

Filesize
6KB

MD5
a9f7dfb48960708ef7702dcc962a1bb8

SHA1
6826de098fefd8266ca2b6035f61645b6205076b

SHA256
0142c75845907b3e92d4749aee7034c31322cb29d6a9f6fc715639af82ebc451

SHA512
2f66c83ccc3a6167aaf90a83555219a771c9f741c1139cfad9a17aebe6bb3ba621c673277ff83b8862382ffeaee4babc3444cbdf7aebcf5476c95a6504c2ebe7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CCDF696C4D34679D94013BD8D628D7146E0E5C15

Filesize
17KB

MD5
c65880b63ae7296796acdcd10b399297

SHA1
f0f69495d2d7334e56a3ea0c226f80175cd85a36

SHA256
f580a8c9c0de6d9991b1f021dc6d028687e9a4760126042c8f4007910e94f4d5

SHA512
29a8197e5a717d92b874f62f55d5a3b4402eecde5553ee6877d85adf3b345324c4c5a69410844fa0fc8a5aa76d7e85a86efe75771bc617d9b90f13b5c8a8d311

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D59EE07A85D21F921024CECB35C18B03AC2DF137

Filesize
176KB

MD5
5286c7328470748a5bcd0981229fc80b

SHA1
d7f56e966d6508349a4f94150a13ea111af27423

SHA256
c9aca960a76017e6774e602d2fb1e8f20a4c2e78ce54f08736eda17bf2498241

SHA512
7c222e908358b60766e77a7b33b3b9284a2c28d45c786ef4e0263d1c4e263a94400eb2027c698c16b823a0420d70d2fa5c6bb17824b1cf680a10e98391e737ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D6E9CCDB49E4481BD4888BB77F22C2FD9215D53B

Filesize
13KB

MD5
de211e2314baa107a94cdc197af0571f

SHA1
5528d3bd6f2717c117903cb3bb7613c1048b71eb

SHA256
74f446ab3e70001ea5d0084e6fd5875ce66ab51680426805be420f4013f06f3b

SHA512
07171ebaecea72e64875c1780799844b50a1891ba79e5ab0e42bc138a177415c9a87ef6c018baa1f708c4c68e2fb599b1b96df09ad61fbb44f1224ff6a580d28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DC9D9F0C28D6EBD1ADC348DC29248B1D4BA307F3

Filesize
13KB

MD5
1fb69a31806c980c2e1a89469db20347

SHA1
b34b41c945c327811aa8efa9fc4df37d9418004f

SHA256
2ada69b2e7794d18cd5ed82ce22993f0ca409cee9b64855c413c1781133617d6

SHA512
314959df65285af4d18f7ee94e5ef416902dfef46a66335cba7157c344214aa6362d4ee524380649d34ea3206d64d7817b6eb574195f383c645eea117c9eb4c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DFB888DCB746C4131F6B747FBB6EC803A173A58E

Filesize
14KB

MD5
b8a4b4b4fd7786eaa6c71c470faf1ebf

SHA1
6ce0734fc91cf5dd11a312e6b98a7f91b2e06d59

SHA256
c4991d8eeb32932f370f9529403728ccab979962384217903c59e9228d7f1787

SHA512
d6dc0b459598fda975798d03471f269b7235bc607d097989d54f98636389e1a49f1c9acdc11b167bf949a9bf15ae264861fef3c5efec62f9fab09f07298d58e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E60CA0B984F5C2BE6D07544FADE900F74CA06F1E

Filesize
47KB

MD5
35e50f0ddf64ccc69ffaa318fb52c47a

SHA1
5582f9ea205464cc0553f42ae50627e3fc8884bb

SHA256
10cd88b9921f459cd7f8280b10f64ff7c27814dc94c8647815e7937d51853381

SHA512
9bc80eb18ba64cf1cb641dce6f9595d602c415c24ea95daa10279461390316e5a689749bb4371ba25577d5e12cba9b74a8690aecd349b77fb8cc63e203168789

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\ED2EED055161171AC36796BDF8E9622BA84EE1EC

Filesize
18KB

MD5
12eede5f14bf4c5e535384fa6223cc53

SHA1
1f7a0bbb3110f9de1acaa1a1a9a23de63f6c859c

SHA256
15ff860734a13d97a6223c771af423ddc55c42efbafdf7cb8d363c56c1687106

SHA512
51a0ce5aafff79e3480c9ab18a5d30e14038d63dfe1b1ae55b020384cacd863405a2f1446f25d7a10da8083d621a43178bb77ff465defe03c100e9068982ce29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F16254D7D513009F11050AB7A3500C4F739DB3EC

Filesize
35KB

MD5
aff8e97f3061925bc2c5282e0b1dfbd8

SHA1
e01fabf30a4b8a15ca669d0e1caa1a66be722b0c

SHA256
739e8496977d44bcab97fcca9891524a3c0213396410eff4bb4a2c11d1890026

SHA512
51ce07f3c26582ff1062fe2a014b975d98bfb4c0a4692da55a03fd8d0a500d18d7e2125eaa3922aedb1f2b70b82ac4ad6e81a9d409b1996bcd397586d73a9b07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F71951D0F28934326CBBE00A4972F421E882765B

Filesize
218KB

MD5
fd1eb68e18a8b9dd828d0761c0610517

SHA1
f840225ade53f84e62b0faafda5812794efa7650

SHA256
ef56023ca1d7febd0c85b57ac0e7f8bd7b9379bc2a8723cced163133044902c8

SHA512
a970c6b01f2962510094496517e17f9dcdf33fbbe1b235171a3a107a04f3bc097ae795b3cde56d0ead9bab8c2afcc01d7af702d6d5b05caf3087727544500b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS02FB2009\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\BlueStacksInstaller.exe

Filesize
627KB

MD5
71288608c071c86508ed89ace87e2603

SHA1
315ed87ffa8ea140493659241db70d6eab8679a5

SHA256
2fde30ea7dfce2e7c0e79b36f903e0787dc39037698f1cd7cbd1eee3ae2aeed9

SHA512
7fcd84ceb273e043997b7de30a07e3079fda51dc4bb655c5ac0ba24e9c7d79af8ed5f5dee5ec41454fe16d6ed3d5668c95f07878ca08a2ec8097403f31a577e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\Locales\i18n.en-US.txt

Filesize
20KB

MD5
a1e3293265a273080e68501ffdb9c2fc

SHA1
add264c4a560ce5803ca7b19263f8cd3ed6f68f0

SHA256
1cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f

SHA512
cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4D04F738\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\agynfjil.h1a\BlueStacks-Installer_5.21.510.1003.log

Filesize
129KB

MD5
cf7dead93e2f86e8d95644fcde12f645

SHA1
eccdfa0e78eb6265e321a4898b7aa8a0bd0c3519

SHA256
dedc6cb03f30f3bbde5879c8541b38ca400b491c4300540bab7758c113a936d1

SHA512
a6440b691ccbf9017fb7296293fbe24b2a601d848e6c7b9d4c79554ccff9700d1ec9a94c207c6b35888607a6a8c37852bbd85f9e62eb6ef32d25b6c1da0faf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9B8B.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9B8B.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9B8B.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx41E4.tmp\AccessControl.dll

Filesize
8KB

MD5
65d017ba65785b43720de6c9979a2e8c

SHA1
0aed2846e1b338077bae5a7f756c345a5c90d8a9

SHA256
ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

SHA512
31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx41E4.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx41E4.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx41E4.tmp\UserInfo.dll

Filesize
4KB

MD5
9eb662f3b5fbda28bffe020e0ab40519

SHA1
0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

SHA256
9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1

SHA512
6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx41E4.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx41E4.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
22f96bccfde3e63b2ce088239e4fcbbd

SHA1
4001bd227c963cca74a290b7498963857339d364

SHA256
b71c83c3aee484a9a16b323abd4d0f9086a27d3694d74b61f7587e63d07ee971

SHA512
b42fdb9af5356951d3238d1fed6ee18c6d22863382180fef4ba98c6e967f95728fba5304a55dc77af9d0dcab0fdce1703b8db8b0de0ce2e745a360890e671c2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
acf9e0ac73f4ff1669b874b33e2e1fb9

SHA1
0359c6fda220fcfd7e123fa16e5ab285e0741a51

SHA256
fc093c3a225ee932a3f6f63728cef566edfc8dbced16a833d1ed248ce94c5f92

SHA512
5a83fc19e5af1e87d4c2c9be6bb848d32649a59e8c3ba845663c8f74237826ab3d20280777eb424835ba0c262698956fafd1f86ccb9702f4b83f291d91959616

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
fa9f2a44a16d5def337c69a4d62883df

SHA1
ef720281750e4e8e5be686d1fad4b2a4fe28de8d

SHA256
cdf1bf90925edfb944c90be3108507ed99aaa3a9cd6d7314097eeaf85ab755ed

SHA512
7bea0ca9b666f9d5d705ea27f5a48053f2d3325511db4a1a3ff8d25a397fed63fc3c418006381bf3290b4d15e2df0242d86fad6b1d0e355497fc90f7acfee470

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
dee39fb81373f0c4999d6bc960cb3b14

SHA1
9afc3762b8ece8462151deb4ef669e9b7a1ab155

SHA256
8a9d9423f184c3e8d3d3ac83a4836edceec662958b3312e2791ea8fdfb0e188b

SHA512
ca979e09fd200d39de9c29910a8e2c8754095c317e17e147d95f4862340d5482c1d8ae74f74d92195c5fe684b9949e7293e351ef1163c378fefca41cc8848997

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
93aa8a29c62a94429bbfa9ead5af5704

SHA1
5f6e47ba4389b0177ca258cbd1b3acff0e8c4513

SHA256
1be2591a2be6eba910fa6cb419743f231f4429a0772c3730a964e53eae6187ed

SHA512
8388197edfa3b5ba1d7640a8584af4df5776a9c5afb724bef459f1d60ac99c142545e30e30979bb338953a26077b128bad1e3c82577c5253d398c994f46f6d74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3efbf6d3-c941-4853-8428-066532749765

Filesize
713B

MD5
31f2c5bd177b75e36df8e3512674417d

SHA1
acced29a8bedccc96c9fd8ebf803e4dbf0e74b69

SHA256
6fcb1cf1782ed8d71406acb7faa478ef941f159ad9ef51ff6e002153d2e8aa62

SHA512
7f8e033738bee87849cb4bcd36de833e9e224b032e9ee0e5f950fc010f618d792a46755899a293af88181a8c40a6fe32f0294ce007bbd9296c96a820c9537cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4b2e0aa6-8c64-4680-94be-0b96f1d9a02e

Filesize
790B

MD5
437548fbfa443054211e50c26fdc1cb8

SHA1
779b34fc640c290f520579ac7d5dc47e1639dda3

SHA256
0386fc59c27a503a3d96d1ea4b15fb07dae3c907314fe540b837475347755f4f

SHA512
837181d1c08e859767db4b9d9799dad9dcde876ef01c29fc3116ce402ffd6259fd05a9c43a85ce0d4f5cdec73835a60708fdb5da94ecc243c0d2fbcb54811882

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b8954417-05a8-46da-94a0-33b6cc81397e

Filesize
746B

MD5
c90832038a34c5e1dee287dbfca81bb1

SHA1
2783f4ef3c0d4e584a6fdc9e379b6974c3e82cc9

SHA256
f2140726b695c7c4557b5b3ad822906e4ec7dde7446b2c8e1609000f0426752d

SHA512
c248a112944e3ffeb24bac7c80022d728aef5632ef205eb4fe8b8ce5a54d4fba73916d229c75e28d9049a96a73ce10ea12cff28e8de98aa1b4621c90ba55491b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c79871fe-ee88-46a6-b51b-9c564b60acb9

Filesize
10KB

MD5
6ef835ec9c55aa9e79b94e9261f5978e

SHA1
ef87f3666921fca2e6b2c049d61eab51f9b53bf0

SHA256
1a56ad6802ad7bf41026da6a9369443fec01d9472763989bb79bd426d0a365fe

SHA512
b6dd34fca00f2fd91b71396d549b528a4ad8c6df06e3473b472692d4f053ee90a1206e00eb1fce43ddb7cda7047ec4a4c87c1f1525790b44cf1fef09e9fe06d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\e900ddd6-570c-408b-8a5b-b295ee98a042

Filesize
1KB

MD5
a30731ad3028db50c8beaebdba289e00

SHA1
dfd2d68f314b8bfa11caa3b9ceedd57aef85eab2

SHA256
82e942b0b3aa7a6fb4ad61d47d4ed30317f87cb14cf719cd36ef2b5937d03918

SHA512
0ca843da77d013db233973b8581be93ae211de9afd2ae0ebde089d3d9d62d743326a181646a11295c70ea381c0bebdc2a446d022df86f94db29793fc65e530cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f6e01462-1573-44a7-935d-80551c26a6dc

Filesize
836B

MD5
4905fa00b94f833248569df103be76fb

SHA1
c81bf75fac43ee372e67b9f0c341d1c2dde76656

SHA256
d3d51979e3f69849716e829272f8bbd886d49793c62a4dfe26972e2e472085c8

SHA512
adf42f819bbfadb27949b919e435f16e49ea7e71312f5c7fbf68b725462d8bc4d5c14c20e4bd947acf195159308636958e135820dd69a8f11244bda5be6b71ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

Filesize
5.0MB

MD5
be7c837066d6ec68eca07e712f5040bf

SHA1
11f00820583c16c574b81be6cab1ea9db4c9a489

SHA256
44a21290150e4c8cbfba73f79d5ef070fa128541d3766faf143039cc6698c3f9

SHA512
a87b4bce841333c4cd80dc1ade1bbe07f7ee9ff598620637374543085f78461c89b6e9e8def6d7d3c91df901153346e2fdc1b706d14c7bee21a6a6726af2947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
146020325d315719639ad89b5d75aa31

SHA1
eff13f802b234dfee2bd356d1c7a622ba3b75f5e

SHA256
4c34509e44de9d37b7595ffc78b50e78ec5fd3c5dc2cb7558ccb8ed6320bf73b

SHA512
d13a9a0e5bd6324e8047bf6b3a447c68d0cb5f187da6bd2bb41cc0e62a8938809d4ac1ddfe1609772fd1f29c7ee17a533b56fb0ec4aeedde45e4d1a764cee84c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
b1a7acc7e43b440881abe2014890f47e

SHA1
60d4ef16f639a944f9b6318d364b44bb6a5e0b6d

SHA256
42b061b41c670a0b6f88f6289ad294fdd8f2fde78569dd31052efb1e576612e9

SHA512
e8d8e3e93505bb9bf41cdeca3944feda8be4d78f62af49d2c121707ed4eb72deb4af0f7fcd42cdd9755ff3ffd321b0d90c903f9f434d24089fd370cbd8d60afb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
889edbdb91539be55493e06a4c6b8aee

SHA1
8385e8ca6aae114df186e858f505fa18ad462889

SHA256
a269a9da82ffcea7eca4970d75dbf4514c8a5d8f738271a1a5c3439c5f0f4b87

SHA512
6a3b49534cca45d04d1321b2a122d2d538c5fb7d083b19e36b41ddcdf97630b5dd58c9a17e5c935075ce0c09ade645f949566b801d3bac486631d0394665c87d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
b4d499245746d9b75fd630ede424ebc7

SHA1
9938dd85d323688c04dd2af59afcdcd5cb182be9

SHA256
1776fe76d48906f9362120b4a428cd42b9545030bc30a5e01ce5fa5fc1f98ff3

SHA512
d39c8a5fc80a968a4333e30f546d678f6cdfb4fd1b0917d124b42cac4985430a0270151243adb886486c553d6d828fc652ff321df93e1f366978ddc7d3947ece

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
7KB

MD5
3810cdecd6a5390a8b204d2c4fa4e963

SHA1
ef113a3fc0e20730bd2dc9888be5788b8ba8b19b

SHA256
aac1496b0ec7e2bcb230ac33c42a8ce1a0a5810c1694e455ecc1d076a25632a3

SHA512
eeb4bf6748a0690f4963897e0f54ff7d9e4d8f13354ca6b89764f8b8ba4e2936ebb4d82f02cf44603be9dbb2b3048d0540e92c49fead26e39dfd5d7a38360c19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
7KB

MD5
b660e62ac7d3c062f8f75421c2081240

SHA1
98a810213fda0b9cea3c166c8f51ea3fc27c9168

SHA256
1dada74c98db5d8235f77b22117a50fcc1fc243e14a05c45e86b1beff9fd2fb0

SHA512
588cef9fde5dd8680c389946898d87ac626099a724df3e683b64ab0be4914c36e44ef294269f42a7b1059d64ea60a3268ef255137dedfbc001547823f2283a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
543896ca69e911b6171c5cd2aff8f801

SHA1
73cfc989544bad124f3d89ec2c05fe384e8c7829

SHA256
ea32c78ca598d0d2bdfe5a9f59c68823e9b74e005ff9fb273849586ad25a0572

SHA512
89948a659aa596cb089d4048ac0c5e18a3d8336d009e0551e6d9a453ed6af431cb7f717fd043f3e408b78d4137e8940343997806e8968aad8c57ca2223e1d80a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2292ca393f3ff3e20b9e29020746bcc5

SHA1
0e6f71b96e509cc4c7de355aba0a8937c9a00c09

SHA256
71a76e036ac1eafc84a630010133851d4a3b1a989799ce47bc20ae3684a6fb7b

SHA512
4af48da29c3cb2b74e39b6c10970f2c73bbc26f0943567f0891d8e52c0dd52ffb6b1b259e2e5e5fb298f28c5bd6e8ea8c91d4ea79b7f4ffac9db097ee99554c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
b4549851d50b78055c6face650a222b5

SHA1
df7a3aeeaad72bcfe1ebfa471c3e5b2b695b5ee6

SHA256
661c07b995f9bfdeb50f1338103b6b853b2188870c0ea3bc3cd71e69428d73ee

SHA512
25861c03f827f3969101ed9f56097e4dc5118e8308bbefedafb0ecc2475063cd1ee1695589ffc3913ef7ad5300bb5b90263967193d1493727127dc105111d456

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e0d910d563852af59d7c3ac3d5002bab

SHA1
51aa5536df5f1bbf8b644181e99d375e4a1ee561

SHA256
e408f9c992c4d4f1eeebababf2d9ccc7f042faefa07b290f56dc5f9f0b81475b

SHA512
01aaa130b55ac98fab1e0f6badf470dbd201a71f55ef934f06eb252fbe119dadcef1ca98571c7cafd2d421fcad3e67d4f026c6546976bc34897a084cf5f0e2de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
371b18e114e3fcdf2a156a7ad88036d1

SHA1
7422042683efdeff712f8d367b0b093f055a102b

SHA256
8ab0fd18136b5d5ca2f3ab809b351775637265c7abdc010b8af5462173d74663

SHA512
1065a1bcd9b3fc978d5a1d416ba4e7ea3cd278b9c0258934b006a7f822826393775621318df988f802307833d07e4d81b360c4bcbf2fcd5e44a0e6e88d070b4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
c8c1a39d7ebfd53a4ec2a0a166cdbcd8

SHA1
e5793a23feb4fb3e3ff2e6eb1d91f6295d95dc87

SHA256
9795319d16e4c5da4b7e71cb63b6ac144fe1911139d2baf69c474930ab9e60aa

SHA512
fb3f17a6c2f64df5ce90f86c27d5bcb67135a6f0a07a1f0aec4160da9405cd09012c8182cc304f6d8554b3c3e6b96aa6de512f11cba9d7882a781489f7d2b111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
05b17875c23af29a737c9a441d6975aa

SHA1
27cbe54c73e44cc04a187581305a51acd3a2e03c

SHA256
4141131f95d68871aa4578e1089f7a5dcc49833fe635de6575b2aa9be2dd455d

SHA512
618a2f1b16ef887265668b18259e957d0fa5e9ed13872695966650d21cbfebc51805bc8cf942b5d339431e2d752676489db807fd9f789ad46f9db8ef2f796752

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5ac8925efe693f41a77b76585ef2bf8d

SHA1
853b37f9bb2ff69b913e12a2eefb4451b92efece

SHA256
4701d71426aa98e185156425ad5c5dd9a0f572300ed488b9b7769986b03c14c7

SHA512
b8500cf38f62d2ca3d7e978c644e95639444ad48e0da3bfa03673bdce81a7153ae4b52ff7596a7cc0ef938c0bbe2cda284c32f769f882938a0e43337e03c4f46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
70b647931f8a4af0479c17c3fb2db8a3

SHA1
aacbf6131701ae032e000747070ad2cf2ca365ee

SHA256
39459f1d31153936671f361b8292b02f8190d5d0198bd7d87be8728002fba441

SHA512
947ef86cdeaa5e2211e351f128737361be9d51db0cdefeb55d06b6123273adbb68a1af37036b873819381d5fdcbdb04d16ed28803f4ab3eed48d071f17210a37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9d2dc8694dd194b84141c07bcd4047d3

SHA1
17c2c1ca40eece866276e5704d84094c453b1c7a

SHA256
6daeacbec9de2e42fad83fed9f6f8968c8603e9b6a44aa9f4dc927fa1e9b19f4

SHA512
f4ed8cd4d8f0c9f6dd9fd374fc9aa59ad3658c7a39a206c2e57333e4a1c7c4ff727ceb5d120b0686d33a4d6b5ab82de008b83c275fbd1e34bcd52eca41ae01b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
96dc2099a80f70edb233a14103499e7b

SHA1
360573a42a293562c0da287a015ef24f9c4eb3cd

SHA256
a170f27390ee981e2bea1982cb9cad22d81da5193c99710015160d628aac40a1

SHA512
330de645bada90465983324d85514065056c4a5c4dbc0666e87b2c6d656614fed78737f2c8fd752662a7210627bc78751d4320f86468f39eb6c19d90d6a14304

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
56ac2669b3c1f4e3922f738713529842

SHA1
91c5ded5ba034c027ed3b44eeecf7ccd92fcfad2

SHA256
3abd02b127992fe54b3257d4f214da0b1bad87137e7e7e3f3021301ce8e61c08

SHA512
990998ca3dade30e395b6f60902a60a354369734c2ed0c0544b75ec351116361f4aa9ab99cf6b55bde4ad65f7f437ffc0be8f6c966c6ea2b86a73d4047632823

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
08440f14146a3240ca7e666b0c1e0d53

SHA1
6d252e6651c696d66dd5ff0a5c47ddac17a5b248

SHA256
fc64a3a1379f29aa0b417b1dd84468d2d71245e4598a71b306e54be2f4486886

SHA512
20a9adc39335adc75ed78da99e750ed9ca70d4ca2b3f342f2485bf5c709c9853a4e334e534f3100efe5e210145b02dce0fb110147e3969d8360fbc93ca64de34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
30e549b2607ceb2293e215972aca2162

SHA1
109c01f0c1046e2a0b88f911d73cbbaeba3c5864

SHA256
d1c24949068871eda3dd629d1792305cc6af10c6bb50156dcc089cf06f1cb8c0

SHA512
d4b90ade98893b95a0fc0f05d78c148fcff204b9f0104b951dc328df92b23fa3151df9cc7d52e216493dd00bfb43356634b39478a668a834234d66ca13713fd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
18KB

MD5
95eb3efeb3800a3ff0ee13b82a118098

SHA1
c0e6de236e60d9be223240ce088802a103fdbb0a

SHA256
448a9c8c533337001e1666cc9b98468a9416e3b506334c5f7fa1cbbd8aa4d440

SHA512
8ca872fc48d79ce4bc7c8afc12925da0f0e9e99a65a79f5bf9528aca7843fffa1febf502d4df0e8fbb7545fb0d4a7995b60f269e46d11cd98d4b7bb93ed3846a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mega.nz\cache\morgue\92\{23be228d-51ff-4c8f-9176-cd64a3cc5d5c}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite

Filesize
48KB

MD5
c79d7b172062ec89bc5a18a4550a7653

SHA1
c28ec974419875bfef1147b55ca89d7d1081b75a

SHA256
3da3ea6940bdc6f931ca3e107df7da2ea3c007dcbf77c43eb87fdd72d1641c37

SHA512
c67819569d04f42585e460e00dbb6cc9bf7eb106f8d36d2a58d6b507ad036d11912cb354cf1f01edd65b1c0c97bb7ef139957d39d3bd166b7cdfcdf4ccee1597

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
7f868e557b098795d645df9ea302427f

SHA1
001f3306144559b4049a8ab139b4139f51e59c0e

SHA256
b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

SHA512
56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json.tmp

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
493B

MD5
041041d22e62fa32030852c674216bd2

SHA1
b2339aa65ca570c9185807836a833a8aa1b0724d

SHA256
b581ef34cae4ebd6a2a3a6a6ce7f48b32bce1a849431dabf97a910bd3741b7f4

SHA512
03f6d55396b167db2cb98be2f625583248514440597cae7a76a51d2b622e60d798cca6d072bcd44ab7f9ce03c4eb2609f51739b991fa8a0d39d93829de49d6e2

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State~RFe5acefa.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
2c5eeaacd3cd5fe3c83b1b59207defa5

SHA1
19257008a112c27522d5b02c80089286722ad046

SHA256
98dc16ab0481fda54c247771465a0a64e3d1eb2e669c873bf1c5f88d153f8530

SHA512
0af11b0c299b70d292483cf2ae7a442a1fc6024a2593da62ba653a8cc11003370ebb6b36954c19bd47a8da7c1948f9fb8db8a852633b5cf30361a28ccdfca027

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-401930941948ac45

Filesize
92B

MD5
932ef640554e6c76ea6692fa1748b547

SHA1
add59d47be38972738076ab3f07bca37f100b576

SHA256
c5f5de44f6c9a5171b6e33f121fdf9975f98ec77e04e5df779de1e69990327e3

SHA512
5dc0c6c45a24069e8fc0570aaca3107f0d6ec99a3a7d1c2e1f6ead1499417c3b9647302973341c09f0a3d7797eaadb7b3045751b27f99ceae152f1fa4a795202

Download Submit
C:\Users\Admin\Downloads\BlueStacks10Installer_10._468WjFV.41.510.1006_native_13ad5962a1b5a19229078dc63ce5b819_MDs1LDM7MTUsMTsxNSw0OzE1LA==.exe.part

Filesize
912KB

MD5
90e3edf39bfde7d3b841443ad22707a5

SHA1
001a05a2e6398db229d0e9911305fb09f05f4306

SHA256
59bdef6c93910de0e4036c73c537d9d13e12a9754fd40ff928b5b4b328843ef2

SHA512
4eb4acfb707aecc8b496c37b8de462d0c2823e2f4e976bb8c4c45da946e6f1046690dd55ddbb1819ea71e606cdd85bed316011b3d18d136f73c5e8eab1260c28

Download Submit
C:\Windows\System32\storage.json

Filesize
51B

MD5
aa9ab927f7bc1bc84ada9519e58f9650

SHA1
a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4

SHA256
3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094

SHA512
b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

Download Submit
\Users\Admin\AppData\Local\Temp\nso7377.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
\Users\Admin\AppData\Local\Temp\nso7377.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
\Users\Admin\AppData\Local\Temp\nso7377.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
\Users\Admin\AppData\Local\Temp\nso7377.tmp\nsDui.dll

Filesize
3.0MB

MD5
7a23ec36ca7bb8869d7723db33fe2139

SHA1
e87bc46b5c50bb28ac287387f770365bebf0314a

SHA256
2d3563873297e69113eaeb8e5865a79f12919cc2865e9039d6a47dd4cd083d9f

SHA512
6561f13bbae32a0bd2dd9fa8f5366adff1941ade9b0138ab9d0099facc4a00124bcee9e2beb433bcc39f773ac32fea1e3712d7bc16f40825346fec5fb49255b0

Download Submit
\Users\Admin\AppData\Local\Temp\nso7377.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
memory/4520-16422-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16349-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15296-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-17021-0x0000000073730000-0x000000007373B000-memory.dmp

Filesize
44KB

Download
memory/4520-15300-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15316-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15331-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15353-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15365-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15370-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15391-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15389-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15383-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15400-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15409-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15428-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15425-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15420-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15415-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15414-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15433-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15439-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15438-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15443-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15479-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15488-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15487-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15493-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15504-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15512-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15513-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15519-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15518-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15523-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15528-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15534-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15540-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15543-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15549-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15555-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15554-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15559-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15564-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15579-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15590-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15608-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15607-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15601-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15598-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15627-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15625-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15634-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15654-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15649-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15645-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15643-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15662-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15666-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15688-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15697-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15696-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-15708-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16316-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16324-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16332-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16337-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16341-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-17022-0x0000000073730000-0x000000007373B000-memory.dmp

Filesize
44KB

Download
memory/4520-16354-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16363-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16361-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16374-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16380-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16561-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16385-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16388-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16420-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16412-0x0000000073730000-0x000000007373B000-memory.dmp

Filesize
44KB

Download
memory/4520-16413-0x0000000073730000-0x000000007373B000-memory.dmp

Filesize
44KB

Download
memory/4520-16419-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/4520-16418-0x0000000073850000-0x000000007385B000-memory.dmp

Filesize
44KB

Download
memory/5580-947-0x0000000000A30000-0x0000000000AD0000-memory.dmp

Filesize
640KB

Download
memory/5580-958-0x000000001FED0000-0x000000001FF08000-memory.dmp

Filesize
224KB

Download
memory/5580-969-0x000000001CAC0000-0x000000001CAC8000-memory.dmp

Filesize
32KB

Download
memory/5580-956-0x000000001D3F0000-0x000000001D916000-memory.dmp

Filesize
5.1MB

Download
memory/5580-949-0x000000001B770000-0x000000001B7D8000-memory.dmp

Filesize
416KB

Download
memory/6896-10508-0x0000000000170000-0x0000000000198000-memory.dmp

Filesize
160KB

Download
memory/6896-10509-0x000000001ADF0000-0x000000001AED4000-memory.dmp

Filesize
912KB

Download
memory/6924-16841-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16837-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16424-0x00007FFC011F0000-0x00007FFC015F2000-memory.dmp

Filesize
4.0MB

Download
memory/6924-16858-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16857-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16856-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16855-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16854-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16853-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16852-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16851-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16850-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16849-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16848-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16847-0x0000029E49610000-0x0000029E49611000-memory.dmp

Filesize
4KB

Download
memory/6924-16845-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16844-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16843-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16842-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16425-0x00007FFBF5320000-0x00007FFBF586D000-memory.dmp

Filesize
5.3MB

Download
memory/6924-16840-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16839-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16838-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16426-0x00007FF697E10000-0x00007FF69CA2C000-memory.dmp

Filesize
76.1MB

Download
memory/6924-16836-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16835-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16834-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16833-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16832-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16831-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16830-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16829-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16828-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16827-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16826-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16825-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16824-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16823-0x0000029E49600000-0x0000029E49601000-memory.dmp

Filesize
4KB

Download
memory/6924-16431-0x0000029E43F30000-0x0000029E44132000-memory.dmp

Filesize
2.0MB

Download
memory/6924-16429-0x0000029E43AE0000-0x0000029E43F22000-memory.dmp

Filesize
4.3MB

Download
memory/6976-10511-0x000000001D8C0000-0x000000001D940000-memory.dmp

Filesize
512KB

Download
memory/6976-12375-0x00000000241B0000-0x00000000241BE000-memory.dmp

Filesize
56KB

Download
memory/6976-12361-0x0000000021900000-0x0000000021922000-memory.dmp

Filesize
136KB

Download
memory/6976-10510-0x0000000000F20000-0x0000000000F76000-memory.dmp

Filesize
344KB

Download
memory/6976-12360-0x00000000218C0000-0x00000000218C8000-memory.dmp

Filesize
32KB

Download
memory/7040-11903-0x00007FFC119E0000-0x00007FFC119E1000-memory.dmp

Filesize
4KB

Download
memory/7040-12315-0x00000205C0B90000-0x00000205C1FC7000-memory.dmp

Filesize
20.2MB

Download
memory/7040-11904-0x00007FFC0F570000-0x00007FFC0F571000-memory.dmp

Filesize
4KB

Download