Malware Analysis Report

2025-08-05 21:09

Sample ID 241021-q5rqtawdna
Target https://deltaexploits.gg/delta-executor-mobile
Tags
discovery evasion execution persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://deltaexploits.gg/delta-executor-mobile was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence privilege_escalation spyware stealer

Modifies Windows Firewall

Downloads MZ/PE file

Stops running service(s)

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates processes with tasklist

Drops file in System32 directory

Drops file in Program Files directory

Launches sc.exe

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Checks SCSI registry key(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 13:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 13:50

Reported

2024-10-21 14:00

Platform

win10v2004-20241007-en

Max time kernel

489s

Max time network

494s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://deltaexploits.gg/delta-executor-mobile

Signatures

Downloads MZ/PE file

Stops running service(s)

evasion execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Bootstrapper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-ForceGPU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\7z.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-ForceGPU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\storage.json C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
File created C:\Windows\system32\storage.json C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libremap_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libinvert_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\imageformats\qgif.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\brotlidec.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\qmldir C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\account C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\now.gg.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotiondetect_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt6QuickTemplates2.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt6RemoteObjects.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Setting_Hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\www\offline_cef.html C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qt_da.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\qmldir C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_output\libdrawable_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\concrt140.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\discord_game_sdk.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtQml\qmldir C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\account\Choose_img6.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\position\qtposition_serialnmea.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt6WebChannelQuick.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtWebChannel C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Default.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\language\th.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\language\cht.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\access\libaccess_concat_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\access\libscreen_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_nv12_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\glfw3.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\overlay.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\Search\mini_cloud.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\msvcp140_2.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\Search.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\HD-ComRegistrar.exe C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\libcrypto-1_1-x64.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtWebSockets C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\boost_json-vc142-mt-x64-1_76.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\MyGames\Card_Detail_page.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-stdio-l1-1-0.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libcroppadd_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_splitter\libwall_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt6QuickDialogs2QuickImpl.dll C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Help_Hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Marketplace.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\zh-TW.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qt_ar.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libscene_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt5Compat\GraphicalEffects\private C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\close_pressed.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Setting_Hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liboldmovie_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\family\Rubik-Medium.ttf C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\language\de.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtQuick\Templates\qmldir C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sv.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\7z.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\BlueStacksServicesSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\URL Protocol C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell\open\command C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell\open C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{F70C2F64-C6C0-4048-9820-F21A2D5C71AC} C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\ = "URL:bstsrvs" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 776289.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2624 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 4544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2624 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://deltaexploits.gg/delta-executor-mobile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e4f646f8,0x7ff9e4f64708,0x7ff9e4f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8

C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe"

C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe" --cmd checkSSE4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe" -s

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c green.bat

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="BlueStacksWeb"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Cloud Game"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=3a1a8e4d-40d7-4bcc-8b77-245f2250264d -machineID=91862f82-13aa-42d8-b253-30aa9b2f895a -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.580.1013 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe" -versionMachineID=3a1a8e4d-40d7-4bcc-8b77-245f2250264d -machineID=91862f82-13aa-42d8-b253-30aa9b2f895a -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.580.1013 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe" -versionMachineID="3a1a8e4d-40d7-4bcc-8b77-245f2250264d" -machineID="91862f82-13aa-42d8-b253-30aa9b2f895a" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.580.1013" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=1090a6897bc62913a9546859e77fc4aa -app64=

C:\ProgramData\BlueStacksServicesSetup.exe

"C:\ProgramData\BlueStacksServicesSetup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"

C:\Windows\SysWOW64\find.exe

find "BlueStacksServices.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\" -aoa

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cscript.exe

cscript.exe

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1924 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 1 2

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 2 2

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 1 1

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 4 1

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2700 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 2 1

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe" --cmd checkSSE4

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\ProgramData\Pie64_5.21.580.1019.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\\HD-GLCheck.exe" 1

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\n1uhlfua.2d0\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\n1uhlfua.2d0\*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"

C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4332 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x310 0x470

C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=7296 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3228 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\BlueStacks X\7z.exe

"C:\Program Files (x86)\BlueStacks X\7z.exe" x C:/Users/Admin/Downloads/Delta-2.645.665.apk AndroidManifest.xml "-oC:/Users/Admin/AppData/Local/BlueStacks X/cache/ApkParser"

C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe

"C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 1 2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 4 1

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 2 1

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\BlueStacks X\Pie64_5.21.580.1019.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\\HD-GLCheck.exe" 1

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\c3avgdso.ivs\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\c3avgdso.ivs\*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=bsx_engine_install_instruction&launcher_version=10.41.580.1013

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e4f646f8,0x7ff9e4f64708,0x7ff9e4f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 deltaexploits.gg udp
US 172.67.203.155:443 deltaexploits.gg tcp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
DE 54.230.55.59:443 du0pud0sdlmzf.cloudfront.net tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 155.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.55.230.54.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 ndymehnthakuty.com udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 nhisdhiltewasver.com udp
US 172.67.151.29:443 ndymehnthakuty.com tcp
GB 143.204.176.42:443 getrunkhomuto.info tcp
GB 18.244.140.79:443 ghabovethec.info tcp
GB 18.154.84.31:443 nhisdhiltewasver.com tcp
GB 18.154.84.31:443 nhisdhiltewasver.com tcp
US 8.8.8.8:53 ukankingwithea.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
DE 18.155.153.118:80 crt.rootg2.amazontrust.com tcp
BE 64.233.184.84:443 accounts.google.com udp
US 8.8.8.8:53 29.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 42.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 79.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 31.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 190.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 118.153.155.18.in-addr.arpa udp
GB 143.204.176.42:443 getrunkhomuto.info tcp
US 8.8.8.8:53 vpnbest.cc udp
DE 207.154.213.139:443 vpnbest.cc tcp
US 8.8.8.8:53 www.savinist.com udp
US 104.21.77.171:443 www.savinist.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 35.157.200.183:443 www.opera.com tcp
US 8.8.8.8:53 139.213.154.207.in-addr.arpa udp
US 8.8.8.8:53 171.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
GB 142.250.179.238:443 www.googleoptimize.com tcp
GB 104.82.234.15:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 183.200.157.35.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 15.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
DE 35.157.200.183:443 www.opera.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 url.giveaff.com udp
US 54.196.173.211:443 url.giveaff.com tcp
US 8.8.8.8:53 link.bilebito.com udp
NL 34.147.12.223:443 link.bilebito.com tcp
US 8.8.8.8:53 211.173.196.54.in-addr.arpa udp
US 8.8.8.8:53 223.12.147.34.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.17.150.117:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.21.63.106:443 www.ezojs.com tcp
DE 18.155.153.66:443 cdn.amplitude.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
GB 172.217.169.78:443 translate.google.com tcp
US 8.8.8.8:53 117.150.17.104.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 106.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 104.19.208.227:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.169.10:443 translate.googleapis.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 104.21.87.79:443 go.ezodn.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 44.229.226.10:443 api.amplitude.com tcp
GB 142.250.180.3:443 www.google.co.uk tcp
GB 74.125.206.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bshr.ezodn.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 104.21.87.79:443 bshr.ezodn.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 6.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.208.19.104.in-addr.arpa udp
US 8.8.8.8:53 223.187.37.13.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 156.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 10.226.229.44.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
IE 54.76.45.185:443 ad.crwdcntrl.net tcp
DE 52.85.92.127:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
IE 54.77.111.56:443 ad.crwdcntrl.net tcp
GB 172.217.169.78:443 fundingchoicesmessages.google.com udp
GB 172.217.169.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 127.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 56.111.77.54.in-addr.arpa udp
US 8.8.8.8:53 185.45.76.54.in-addr.arpa udp
GB 2.22.249.53:443 www.bing.com tcp
US 8.8.8.8:53 53.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.22.249.60:443 r.bing.com tcp
GB 2.22.249.60:443 r.bing.com tcp
GB 2.22.249.63:443 r.bing.com tcp
GB 2.22.249.63:443 r.bing.com tcp
US 8.8.8.8:53 60.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 63.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.14:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.bluestacks.com udp
DE 52.85.92.82:443 www.bluestacks.com tcp
DE 52.85.92.82:443 www.bluestacks.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 82.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 webapi-cloud.bluestacks.com udp
US 34.120.235.88:443 webapi-cloud.bluestacks.com tcp
US 8.8.8.8:53 cdn-www.bluestacks.com udp
GB 2.19.117.155:443 cdn-www.bluestacks.com tcp
GB 2.19.117.155:443 cdn-www.bluestacks.com tcp
GB 2.19.117.155:443 cdn-www.bluestacks.com tcp
GB 2.19.117.155:443 cdn-www.bluestacks.com tcp
GB 2.19.117.155:443 cdn-www.bluestacks.com tcp
GB 2.19.117.155:443 cdn-www.bluestacks.com tcp
US 8.8.8.8:53 cmp.inmobi.com udp
DE 18.155.153.90:443 cmp.inmobi.com tcp
GB 2.19.117.155:443 cdn-www.bluestacks.com udp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 88.235.120.34.in-addr.arpa udp
US 8.8.8.8:53 155.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 90.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 181.86.160.34.in-addr.arpa udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 3.122.71.66:443 api.cmp.inmobi.com tcp
DE 3.122.71.66:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 66.71.122.3.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 74.125.206.156:443 stats.g.doubleclick.net udp
GB 142.250.180.3:443 www.google.co.uk udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 34.120.235.88:443 webapi-cloud.bluestacks.com tcp
US 8.8.8.8:53 ak-build.bluestacks.com udp
GB 2.19.117.166:443 ak-build.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 34.120.235.88:443 webapi-cloud.bluestacks.com udp
US 8.8.8.8:53 166.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 200.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
FR 13.37.187.223:443 g.ezoic.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
GB 87.248.114.12:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
DE 141.95.98.65:443 id5-sync.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 c3.a-mo.net udp
US 34.120.107.143:443 oajs.openx.net tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 dnacdn.net udp
DE 79.127.216.47:443 c3.a-mo.net tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
GB 142.250.200.36:443 www.google.com tcp
US 34.120.107.143:443 oajs.openx.net udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
DE 52.222.191.78:443 hb.yellowblue.io tcp
DE 51.38.120.206:443 onetag-sys.com tcp
IE 63.34.224.137:443 ap.lijit.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
FR 163.5.194.30:443 prebid.a-mo.net tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 download2443.mediafire.com udp
US 199.91.155.184:443 download2443.mediafire.com tcp
US 199.91.155.184:443 download2443.mediafire.com tcp
US 8.8.8.8:53 14dd361eaf5ed1f485a346c21652bd2e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 78.191.222.52.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 30.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 137.224.34.63.in-addr.arpa udp
GB 142.250.180.1:443 14dd361eaf5ed1f485a346c21652bd2e.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 184.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.47:443 gem.gbc.criteo.com tcp
NL 185.235.87.144:443 ag.gbc.criteo.com tcp
US 104.18.159.164:80 otnolatrnup.com tcp
US 104.18.159.164:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 54.230.10.77:443 woreppercomming.com tcp
US 8.8.8.8:53 www.chancial.com udp
US 172.67.141.135:443 www.chancial.com tcp
DE 35.157.200.183:443 www.opera.com tcp
US 8.8.8.8:53 47.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 144.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 164.159.18.104.in-addr.arpa udp
US 8.8.8.8:53 77.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 135.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
US 3.165.148.124:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 124.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 ak-build.bluestacks.com udp
GB 2.19.117.151:443 ak-build.bluestacks.com tcp
US 8.8.8.8:53 151.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:61961 tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:61968 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:54885 tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 wallet.now.gg udp
US 34.96.124.47:443 wallet.now.gg tcp
US 8.8.8.8:53 47.124.96.34.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 wallet.now.gg udp
US 8.8.8.8:53 wallet.now.gg udp
US 34.96.124.47:443 wallet.now.gg tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 fcmregistrations.googleapis.com udp
GB 172.217.169.42:443 fcmregistrations.googleapis.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
BE 108.177.15.188:5228 mtalk.google.com tcp
US 8.8.8.8:53 188.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.169.59:443 storage.googleapis.com tcp
US 8.8.8.8:53 59.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 cloud-api-cdn.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 2.19.117.169:443 cloud-api-cdn.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 bsxplayer.bluestacks.com udp
US 8.8.8.8:53 x-api.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 163.181.154.239:443 x-api.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 ak-build.bluestacks.com udp
GB 2.19.117.166:443 ak-build.bluestacks.com tcp
GB 2.19.117.169:443 cloud-api-cdn.bluestacks.com tcp
GB 2.19.117.169:443 cloud-api-cdn.bluestacks.com tcp
US 8.8.8.8:53 239.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 169.117.19.2.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 163.181.154.239:443 x-api.bluestacks.com tcp
US 8.8.8.8:53 bst-launcher-sgp.bluestacks.cn udp
US 8.8.8.8:53 bsxplayer.bluestacks.com udp
US 8.8.8.8:53 dev-x.bstkinternal.net udp
SG 8.214.38.30:443 dev-x.bstkinternal.net tcp
GB 163.181.154.242:443 bsxplayer.bluestacks.com tcp
GB 79.133.176.235:443 bst-launcher-sgp.bluestacks.cn tcp
US 8.8.8.8:53 242.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 30.38.214.8.in-addr.arpa udp
US 8.8.8.8:53 235.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 dev-x.bstkinternal.net udp
SG 8.214.38.30:443 dev-x.bstkinternal.net tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 8.8.8.8:53 cloud-api-cdn.bluestacks.com udp
US 8.8.8.8:53 now.gg udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 2.19.117.144:443 cloud-api-cdn.bluestacks.com tcp
GB 54.230.10.44:443 now.gg tcp
US 8.8.8.8:53 144.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 44.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 cdn.now.gg udp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
US 8.8.8.8:53 148.117.19.2.in-addr.arpa udp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
GB 2.19.117.148:443 cdn.now.gg tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
US 8.8.8.8:53 cdn-icon.bluestacks.com udp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 164.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 145.117.19.2.in-addr.arpa udp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
GB 2.19.117.166:443 ak-build.bluestacks.com tcp
GB 2.19.117.166:443 ak-build.bluestacks.com tcp
GB 2.19.117.144:443 cloud-api-cdn.bluestacks.com tcp
GB 2.19.117.144:443 cloud-api-cdn.bluestacks.com tcp
US 8.8.8.8:53 cdn-icon.bluestacks.com udp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.19.117.145:443 cdn-icon.bluestacks.com tcp
GB 2.22.249.43:443 www.bing.com tcp
GB 2.22.249.43:443 www.bing.com tcp
GB 2.22.249.43:443 www.bing.com tcp
US 8.8.8.8:53 43.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.180.3:443 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 translate.googleapis.com udp
GB 142.250.180.3:443 www.google.co.uk udp
GB 142.250.200.10:443 translate.googleapis.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 2.19.117.164:443 cdn-bgp.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 172.217.169.59:443 storage.googleapis.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 cloud-api-cdn.bluestacks.com udp
GB 2.19.117.144:443 cloud-api-cdn.bluestacks.com tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 8.8.8.8:53 support.bluestacks.com udp
US 216.198.54.1:443 support.bluestacks.com tcp
US 8.8.8.8:53 1.54.198.216.in-addr.arpa udp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 172.67.142.245:443 use.fontawesome.com tcp
US 104.18.73.113:443 static.zdassets.com tcp
US 8.8.8.8:53 bluestacks.zendesk.com udp
US 172.67.142.245:443 use.fontawesome.com udp
US 216.198.53.1:443 bluestacks.zendesk.com tcp
US 172.67.142.245:443 use.fontawesome.com tcp
US 172.67.142.245:443 use.fontawesome.com udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 245.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 113.73.18.104.in-addr.arpa udp
US 8.8.8.8:53 1.53.198.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 bluestacks-zendesk-com.disqus.com udp
US 8.8.8.8:53 ekr.zdassets.com udp
US 172.67.142.245:443 use.fontawesome.com tcp
US 199.232.192.134:443 bluestacks-zendesk-com.disqus.com tcp
US 104.18.70.113:443 ekr.zdassets.com tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
US 151.101.128.134:443 disqus.com tcp
US 3.165.148.98:443 c.disquscdn.com tcp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 113.70.18.104.in-addr.arpa udp
US 8.8.8.8:53 98.148.165.3.in-addr.arpa udp
US 216.198.53.1:443 bluestacks.zendesk.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_2624_ZOEMGWFMLVBGPWJN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11f2a8283a5cae32013dd6b2c94fcd1b
SHA1 727c94a83c45e7a6b77795d7a3cd5c818727ce89
SHA256 cda842bbe5eddad0b3623572038b05cf7c571699ce75a357771b2d3d2a81e4a7
SHA512 a3af80e373f1f0563482026ea00ac208bc5fd9a19927ed7d2793f00ceae6ec95fe54158e9ac5ba9db1ba71eb1ce08277cfa35252248405ef16b6479158e2ad4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7a0d83f380458f321a43ede88ef9a735
SHA1 b5ee04e905a59229cff1793c78a8bcf23ec8d781
SHA256 8cae0e71b00b127b82b2d6e3d35d1ca36ed1839dc8eb96f03b90f713020efd46
SHA512 5903a984d2be75b8ad0f49a0f67b42a03c42381a5b7dff3c26a7314c116a8f9d0fd8373f54818a33e1b858ff791f4b015cafcd19d7927ba14b81322569f36a35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ffb0d35ad7952efcb48a610a8e4d3c46
SHA1 16b6428c388ed113c3c70547b71d255469628e7e
SHA256 192caeaf239245830b4e118772df4c268baf6721ff839e9e8ce789ada1575035
SHA512 459c8b88d541b4eb69de6cdf4f2e1e5cac743153345675de4c7df6ff8d71f9f4b6128979f88af4b58606ebb0aa08010e47cfab4dc844e9dfe0261201bc593c00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53c623a8b79e00ea6de70ad88e6c3495
SHA1 046307c3326095d025edd7fc547148cfc1c0f748
SHA256 a9332aaec5f6e8651adc3adb49ba462373ca3dea4018d12693ac9afa6fea884f
SHA512 3c4aae34384b5ed2a78d3e1dad197acf9aae3a349106f0e295d9ccb9e00b079737160d370f2aa0e814c543e5e479dc1718143eb2d2317d4aa556cfe6ed182a8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823b0.TMP

MD5 ee0275b24f41e27edf9b5bad9306b37c
SHA1 f86654367f546e1301340bb8a9caf5568f5027d9
SHA256 76c44864b9e90f2a8dc7b611cc66adc42d9103e0717cb07fc8fd51579222dd80
SHA512 0e33d118ffaa2db82d9a90f1d5ac9df7ebbaa40e58b44d44e31757d6a66804d7bf1f324ea072943f85ec8811f9a07105ff7706736c024e01e10d992a72aed2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e1d878f08350eec97c826ca591d3b09d
SHA1 3fab4910f6b60667604be44f67017e34ef4182f8
SHA256 8bd2dab53892cdf4e5fbb09b1e5ce9d61ea375701dc5f986b55cb9c599a62ca7
SHA512 26efdb62e04b85b5d8feb67d37bb07c1d8d9712fe1c99a51053ac78c2757430ced52f8d5bb377380def3c40d2ea06e80d7403c9a4059fb17c8392bba0250832d

C:\Users\Admin\Downloads\Unconfirmed 776289.crdownload

MD5 8b3199b1bba7cec2f65da8bebb8b4bb0
SHA1 5cdd79e1e8c037ae205009195170e96054e079b5
SHA256 47dace19f7d3bb97dac6d871a321d19b80cf1e1b2cca7bd6aeebc22b45641936
SHA512 85108c2addaef1d81abe4d58262bfbbd78e22efda6de6cca73924352b2dd18a3bef74a7ecfd22bd50f238ce5287f30c9a793db52655f2ef9a684de4310c3403f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e05bb0c2714d15ab16721bc8ef4f85b2
SHA1 f5f9a471c0d3b848d7502a263aaf957217ca786d
SHA256 26217ecf8cf8b7e94239a6106cbb0461299741a6399d3ca974e62ffeabbbbcbc
SHA512 5ba07dd26de879853a85536281c3ec01dda8294b72658121947651efe227105a6340be5b2858a6d6dc125f8d091cf94eba033cfaba752363cda8f68f581c2288

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 432935b33da71a026b6b26e5935488cd
SHA1 7a1be57b99cd7d34ab2610825cd48f4e25d4800f
SHA256 48cc16b8eb5afbd2905956c27f4735db7563deff136c30421fe92c5f38cba8b7
SHA512 588d1660a26435c324bc729a8307eb50640fa967f7133d16c3f4111448b688c78fd199f13ee0e510bcbbdbb86629664b97fe1c58c3cfeaafbccbbbca4a1ec4da

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\change_hover.png

MD5 57092634754fc26e5515e3ed5ca7d461
SHA1 3ae4d01db9d6bba535f5292298502193dfc02710
SHA256 8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1
SHA512 553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe

MD5 73b3daa696952a00a7f13f9914944434
SHA1 161acc05228703462838d28b211d40c05530d999
SHA256 bf6ac9756c4443c67b23b6f881fef562b1635b7ea7f5c8095f5837fa1e8f1c9f
SHA512 aee071a1dc76bc98e51ebdabdb4824d0e902093ece6547d67384792ed597c96f18e5477c2edb34673ee17e8301d3efc7880b3e838f54b9aad81c264c11fbf5a3

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe.config

MD5 1b456d88546e29f4f007cd0bf1025703
SHA1 e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256 d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512 c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

memory/5636-647-0x0000000000B50000-0x0000000000BF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\JSON.dll

MD5 f5fd966e29f5c359f78cb61a571d1be4
SHA1 a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256 d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512 d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

memory/5636-649-0x000000001B860000-0x000000001B8C8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\Assets\minimize_progress.png

MD5 1504b80f2a6f2d3fefc305da54a2a6c2
SHA1 432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA256 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\Assets\exit_close.png

MD5 26eb04b9e0105a7b121ea9c6601bbf2a
SHA1 efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA256 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA512 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Locales\i18n.en-US.txt

MD5 a1e3293265a273080e68501ffdb9c2fc
SHA1 add264c4a560ce5803ca7b19263f8cd3ed6f68f0
SHA256 1cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f
SHA512 cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe

MD5 81234fd9895897b8d1f5e6772a1b38d0
SHA1 80b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA256 2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA512 4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

MD5 8f2a14eaa29bcfc64215184d32432a3e
SHA1 d517c9d339230a4db33f0f1e961fee689029f723
SHA256 eb476b467fb0dff944b012c5ccff5c6e1e48d294b6a8a7e3e0996da901a78bfc
SHA512 4e5490eba22b62a7ffd07e16d850b7d23a15c3b4ba9ca33ada0e2b0f204df7bfe85c6608512b224272aca0fb7175029b8b11d476c2244f9415e7b21e487a3371

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\loader.png

MD5 03903fd42ed2ee3cb014f0f3b410bcb4
SHA1 762a95240607fe8a304867a46bc2d677f494f5c2
SHA256 076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA512 8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

memory/5636-784-0x000000001CE00000-0x000000001D328000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\ThemeFile

MD5 c3e6bab4f92ee40b9453821136878993
SHA1 94493a6b3dfb3135e5775b7d3be227659856fbc4
SHA256 de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6
SHA512 a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

C:\Users\Admin\AppData\Local\BlueStacks\BlueStacksMicroInstaller_5.21.580.1019.log

MD5 d6bc307eab466196baaa15fc6bf46eab
SHA1 811bdaf18a0ab583251bc9b4e8f7ffab1e4316fe
SHA256 3efc66fa2380e64ce13b78b0656c2315f88d01680a551ac7f7598d79adff6793
SHA512 c94053fafd07891142cb54aeff194e1161cc456792758fbc7e8c5c0c513c374ef6e7102df56fd289dd6fde028ec6ddf1d79c12005e77dc015dbd1afbb63be1a8

memory/5636-796-0x000000001C390000-0x000000001C39E000-memory.dmp

memory/5636-795-0x000000001C3C0000-0x000000001C3F8000-memory.dmp

memory/5548-797-0x000000001DC20000-0x000000001DC28000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\installer_logo.png

MD5 e33432b5d6dafb8b58f161cf38b8f177
SHA1 d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA256 9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512 520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\close_red.png

MD5 93216b2f9d66d423b3e1311c0573332d
SHA1 5efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256 d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512 922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\installer_minimize.png

MD5 38b539a1e4229738e5c196eedb4eb225
SHA1 f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256 a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA512 2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\custom.png

MD5 03b17f0b1c067826b0fcc6746cced2cb
SHA1 e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256 fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA512 67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\backicon.png

MD5 7ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1 b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256 fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512 f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\setpath.png

MD5 b2e7f40179744c74fded932e829cb12a
SHA1 a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA256 5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512 b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\Assets\installer_bg.jpg

MD5 3478e24ba1dd52c80a0ff0d43828b6b5
SHA1 b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA256 4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA512 5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e64d6f1e2213dfa862a45fd9f1dd52de
SHA1 a3b7723acd3c1680b3cf0ff989d0854753b71cdc
SHA256 37ae8e8c9b40529fc673cc6f252cf09e4073a014b9715f57786dbbe1e4596a61
SHA512 74f1d73d70a6cea49242bd88a3d1a2a57a42ed4ef5914a0cccb7eebbeced1f2a19e2805d6a07634f8b547c12d34167a926585e71c6b9d1131347eec42a7b2b9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4beff4af55bf7737b3edd8f24897ec74
SHA1 2b0819d6e9bfe7fdc1b6541b7c4ce1f9bd866f4e
SHA256 ab0ac910f014fea6a671c5f5ea68d1b44d1de2c1a2cbe63e3860b893f6cb5437
SHA512 d0f0046a2947624481f904849e43dd4c06f34b31e970aca5c6cf267b31797f7851f1d90a4d933a2115190724533d01e8a18d302f090b67c8332a2071f2bbf51c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfa3dabfa1f077eff30b0928137103ac
SHA1 0c8a62412c663dbb1aaedd1a63c1cefe83fd5874
SHA256 305ebebf872932036ac568080e3caa84e573f1d83a5f90b906183e21f1ca5c32
SHA512 4d095c9d253ba99b2395fc6529b352da739b6fecc67dfdb84d06ba1e0981a9a40a9b915984a3ce1c07d238e2fc5d62b501ac0f38970696c8e076ae2376c8f1af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 354d1ba6ab40785d63c73a554c916da6
SHA1 b5f4d7cbe32654c69ce823d96c3c9f2752365726
SHA256 963d5e94600107fdb087122300cd61b3f349b1c82b6910be178a8b86fc3c486b
SHA512 05e4b51dbf3cf7e7d930e3164a859e5419d9bf940e162190b0540d9d20d5d28a6a40c84f67af491546fbdc59ec12757d44cb9abe21c855f3da592c8a8a72bdbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b376138c46cc111800b2ee3aa23ab12c
SHA1 ae183d47923cfd379f92912928cb08c8424388b1
SHA256 1b0abb7cafcc37971327d974c4ffa5a8dd89ad3598c307efac4fbb99e157e635
SHA512 5891fb83bcc389b089f1a51a3768be7e76f169f125635f0ceb6e3077f386c1b8dc5d2d32ab2630f50e55068b978a49791da26aa5af740e6a19868cd4692a494a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5491c0259eb51d6c09e06c3dac81bbfe
SHA1 edc54faf691620c60a3374c71f9c92022355cadd
SHA256 ddfe77894a252cc5565605ca94be8e2033baf69dbde0f0fac4ee6c2d0e58fc11
SHA512 e797ab3567e675fcae92db054fba203941dd531610cd7674bddd593c27553e476a8002ba7b8810f4be6aa04dd5440969cc032d5fd4699ae7b59cec7deec6b78d

C:\Users\Admin\AppData\Local\Temp\nscE1D1.tmp\nsDui.dll

MD5 d1aafb4ca97f043010b8772acc7fee54
SHA1 aa4612976246f1fba951f24929de236c828c7cd7
SHA256 7e3933eee407c42b21a578fcbff4131656ea23e3ba80127461539168c2f463fe
SHA512 d4f685d5d29a1f930d2244520e9551221f0b035a8eeb25be20b96b59043508380f8ca9c03a012feed1914f76779e13564ac7a8e91d0547aea823c1090077a97e

C:\Users\Admin\AppData\Local\Temp\nscE1D1.tmp\BgWorker.dll

MD5 36c81676ada53ceb99e06693108d8cce
SHA1 d31fa4aebd584238b3edc4768dd5414494610889
SHA256 a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA512 1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

C:\Users\Admin\AppData\Local\Temp\nscE1D1.tmp\System.dll

MD5 959ea64598b9a3e494c00e8fa793be7e
SHA1 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

MD5 dfddf8d0788988c3e48fcbfb2a76cd20
SHA1 463bb61f0012289e860c32f1885a3a8f57467f2e
SHA256 9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512 e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

MD5 3221ac69d7facd8aa90ffa15aea991b0
SHA1 e0571f30f4708ec78addc726a743679ca0f05e45
SHA256 92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA512 5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

MD5 76166804e6ce35e8a0c92917b8abc071
SHA1 8bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA256 1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA512 93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

MD5 e7fdf6a9c8cae1fc1108dc5a803a1905
SHA1 2853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA256 8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512 a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

memory/5776-7615-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7617-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7616-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7627-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7626-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7625-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7624-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7623-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7622-0x00000221C5800000-0x00000221C5801000-memory.dmp

memory/5776-7621-0x00000221C5800000-0x00000221C5801000-memory.dmp

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

MD5 58534ebb5994eca768b3cc4c32c20099
SHA1 f73d3838de33f51e601e81eea906fce54a7ea50d
SHA256 35c215dd1adfd497f70175934bb15749f7e867a31857e3d620ce56d32eb5425f
SHA512 fc9a3fbe73c0e6912c0b2fb5867882b8e15afd7cd33a487b61eb7ee4bb0a9a4552f14825ae272c841061b8ef9c4e5140f55e26529bd308fde261b9cf31de78b2

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\unchecked_gray_hover.png

MD5 62d7f14c26608f8392537d68f43dece1
SHA1 add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256 a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512 e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\unchecked_gray.png

MD5 e50df2a0768f7fc4c3fe8d784564fea3
SHA1 d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256 671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512 c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\setpath_hover.png

MD5 b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1 012b5879e879fa25bf48e4bb62c35ee829eea571
SHA256 2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA512 4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\setpath_click.png

MD5 624e84e9b49bc150043aa9fb0eed2822
SHA1 f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256 c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512 288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\powered_by_bs.png

MD5 7a2e5c21140aa8269c2aafd207f5dbaa
SHA1 4e0d9e7e1b09e67eba10100d73dc51623517821e
SHA256 3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA512 63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\minimize_progress_hover.png

MD5 fc2a0361a751177d3aacdba9c31b2682
SHA1 0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA256 1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512 a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\link.png

MD5 ae2c73ee43d722c327c7fb6fdbee905c
SHA1 96f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA256 28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA512 5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\installer_upgrade_image_bg.jpg

MD5 3bb85d2c8cef28c89a2d07adf931e955
SHA1 596d13e7742455afce8a534382b28cfd2f6aa185
SHA256 b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA512 7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\installer_minimize_hover.png

MD5 18fb6465b029206477d0222e8da6fdf9
SHA1 b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA256 57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512 f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\installer_minimize_click.png

MD5 08fc39a69fa17e0f529915919cea1633
SHA1 2966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA256 2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512 f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\exit_close_hover.png

MD5 92c2bf222d6ab81fe7a0c072bf31c107
SHA1 8853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256 bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA512 6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\error_icon_72.png

MD5 4aaf83d2b3fd56ad806708e60474df39
SHA1 144777a265879b69fadea3eb3ac6939458918578
SHA256 84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA512 3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\error_icon.png

MD5 dab2c4538a83422b5deae0e0de9b7a30
SHA1 78c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256 666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA512 24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\custom_hover.png

MD5 f3e05f142e742e25a98d4f5af3ae0623
SHA1 88363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256 d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA512 5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\custom_click.png

MD5 ced07c9db242115400e159d9a02bb7b7
SHA1 6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA256 1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512 d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\close_red_hover.png

MD5 5ceab43aa527bc146f9453a1586ddf03
SHA1 88ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA256 7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA512 8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\close_red_click.png

MD5 6db7460b73a6641c7621d0a6203a0a90
SHA1 d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256 d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512 a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\checked_gray_hover.png

MD5 ea22933e94c7ab813b639627f2b38286
SHA1 c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256 d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512 ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Assets\checked_gray.png

MD5 ce144d2aab3bf213af693d4e18f87a59
SHA1 df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256 d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA512 0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.zh-TW.txt

MD5 3ab7d825111b89950d8ca4b3da1c00c1
SHA1 cdf4ec4344598ca9593665465497d370a35aa178
SHA256 dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce
SHA512 ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.zh-CN.txt

MD5 1eee99faa98b0385fd8077acdf53e81e
SHA1 3191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde
SHA256 7d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5
SHA512 d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.vi-VN.txt

MD5 2ffe813470cfedf7384207e61dabf1df
SHA1 1673c446a89a41afff299acd0f74b4df65cc29c1
SHA256 e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1
SHA512 3288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.tr-TR.txt

MD5 2ddee14b7986e234a208189d650a2e4d
SHA1 ab60bc9393258e556c7ac20a8d68f632ad44ea6d
SHA256 fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd
SHA512 116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.th-TH.txt

MD5 bfb84603722e804e4697a52285b867b2
SHA1 5840e5e93319f981dc0f6df4c7d7be23547f6655
SHA256 98f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d
SHA512 e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.ru-RU.txt

MD5 a7748f70870a0f2cf2e5804d05f433fb
SHA1 ee74469bbfa6e5d04043dae2a2cdec1a777c5b28
SHA256 f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34
SHA512 122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.pt-BR.txt

MD5 f7ec10775c6fa5d5ab49531ec7910ed4
SHA1 9d3b8f8474328725097de234a961b32b2e1dc9ba
SHA256 909f5b1bbfd2cc1779dda1bf4f481c1d6ae1e1af3d9902c1518a535962860668
SHA512 d7d8ea4c15d54d9e4a2b75e4962ac9b81a316d23803c64c8925ffe6348b200fe21d445c6a0b0bd1a5b0a7e413bd5f5ad8935ee15cc56485886a5f4b29e51963b

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.pl-PL.txt

MD5 c61810a689ad52145f3b644b3e4b01e9
SHA1 ee7f7229aeea4a0ec6e18805b69d0ff928afbf87
SHA256 c5cdf3696ccd6e3e600483836c81b290e5270984fd7ca12becafedea42cd64e4
SHA512 79dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.ko-KR.txt

MD5 299768cf839ca0926344233731549181
SHA1 773aa661c5bbc1a92a41b2f02e59bf1d78b4b142
SHA256 883cf4af6b2124bb70f51d683c7a1f4b3cecccc4ea61163b8c4ea967155ea839
SHA512 0de4317aa9139b415d4d10aba7f64cbfe39f0417e2d19dd8e69ada7d0915a81f71be242caebf5e019a2638d6d0457c042493c80ea0d24c2dd43c18bfe76dd2c2

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.ja-JP.txt

MD5 cb5797745966bfbded96d28cf53e2f93
SHA1 1cdc380338f076c608a4143cb685e4cab2bee916
SHA256 25fbeecfbeec0b2a8ad45f8b7da31c4eb6fdbe413f46e75f40cd22d874c8f7c3
SHA512 f42ef0a3566f02a4487daf50725c186a0cd8c03850c569eb0cf4134ad2c2004135730ff8f672207bf12837980fe722c4581bb0c6c1eea5dcc9014da5719901b7

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.it-IT.txt

MD5 444e991f12d84ad04baf6c8eeccc7a9d
SHA1 f4bec5e01161d6f5cc9107f2cba325cc9b0ef325
SHA256 4b1f6e0fbc834a783ab8230e678bfd1506ae6c18b0ac0a5bef1d8344b5b2531f
SHA512 ff61397322d86f36a225e9be7444c643e2760a556311c97b230583b0b2788208d11f723e500c3d291d55d076b5cb0a52d92b50a8b1fdfe348fd61341b915f855

memory/7948-10428-0x000000001AC20000-0x000000001AD06000-memory.dmp

memory/7948-10427-0x0000000000030000-0x0000000000058000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe

MD5 c1bafb46e0073837294968e0e2a1a8be
SHA1 a7a03632199e61f51ce317514c52e057d0e300d6
SHA256 d7620e5052fb81ecece72ce9fd923430b4eeae0018c140291f6d70ab69d354ea
SHA512 b3224390302b23b7b96f405de1dbf8db566afa75b7424959aaa500abaeca0dbb5c17919d808ec5570ab91d6851f0b5eb2f27b6a74828e69d1288ae5a77777d75

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.id-ID.txt

MD5 7e8631459def09a456900fa9d3cba360
SHA1 b5204153e26b303598c473e7e92b01a87818787f
SHA256 9620d50148651dc75d3741eb12a8a23fbdeb5efc29f1be24842fc37d01b71f8a
SHA512 f813863475538f763733b0668f3b5cd7d4b6f7132c1a9df3b4665907fe6280d6d8c9dd4f6e3e06bfee7f90a2a527f7cd66bd647f08b8203664395f31321cf84b

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.fr-FR.txt

MD5 2625613573f48fa7eaa813d7fc16b63c
SHA1 a57a1cd71dbf2dbabe8bc873839adb2005f54c7b
SHA256 08062a8ae430d89af04c9d090506dd6e380490387eb2909f356a47c01540b271
SHA512 8a443771fbea7708479412c5d6c336e5e74745e097118712fbecc279277ecc2ff693ddc8e576f91c6b61ff658d7a576cd37c5b084d5116bc9606434fbfc4222b

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.es-ES.txt

MD5 412ce0feb5a656c908775da52043c31d
SHA1 54a35431dc77d66fde2c828f10372142926b4c47
SHA256 7db48c44d717c50011a2fe2d8f5eb0214c817c7eef5bf1f656feb70270a53458
SHA512 2209d911c91d21ceb44a8e9375fefa9b5ea55cb800f49f709a7baaa56d52a94f5711fce850d880394f6ae78d23d0e3f1a5727514b970f940d0b670e2e978a997

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.de-DE.txt

MD5 defbcf66edf5e18b0b13c8062fdfeff8
SHA1 8c807de19b131831b72325455f1bcc3ead0a09cb
SHA256 a9d87275086fd2d700d588f45c3121eb6a75c64a2e6c4a8714a61032403cdb03
SHA512 a30e142679e942932d82fb8179a9f8ca2cd5882577de64e8e4c38eb84c99e359235346c35b6237133159288261b0f6e9032dc6b14f512e2a431f093187e1447a

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.ar-IL.txt

MD5 9fb07e066cc2f213a64d35a97a8c2922
SHA1 a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA256 65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA512 81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Locales\i18n.ar-EG.txt

MD5 7dc7a16b5e42818c9249db888ca17075
SHA1 42f6b065b90017078fca7161cc4c26ae530dfbdd
SHA256 e696f4f231acef534d62ec9d99a3f4fc7b74a1c1deb3f9bbbeb4e94194bd9747
SHA512 f2706e0bb348a691d3cdc9d05ff4f71979804628547a41386aab068b008fe4933b8689500b5e45abf6afa6b6f1db3024ade2846659b2664b37b724fac5416a74

memory/8020-10429-0x00000000007E0000-0x0000000000834000-memory.dmp

memory/8020-10430-0x000000001CE70000-0x000000001CEF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nse31FF.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nse31FF.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\nse31FF.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nse31FF.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nse31FF.tmp\Registry.dll

MD5 2b7007ed0262ca02ef69d8990815cbeb
SHA1 2eabe4f755213666dbbbde024a5235ddde02b47f
SHA256 0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512 aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

C:\Users\Admin\AppData\Local\Temp\nse31FF.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 ed2d157a8b231e8fae881d1b37273913
SHA1 2164d59122893eaabf44ccb667b15cd4d6da66a0
SHA256 05621534f2bb6b7006227641827494b581d59cecc2ffe5d1e7c73ddddbc37763
SHA512 98440a2cc950d79f2863ae1fbeda7aa00d5f9f5cbc4ce134d0dcba2e3eb7a8e77abfa8e67e424fe3959cdac218fd0950a513430db6dd211dfe6477c7377725e1

memory/7628-11176-0x00007FF9F1F80000-0x00007FF9F1F81000-memory.dmp

memory/7628-11172-0x00007FF9F2390000-0x00007FF9F2391000-memory.dmp

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-95189229349e5af0

MD5 e851b53c89348c496321af2d06926b14
SHA1 2d253d4ae82a4f38dbfa4d3b6ae352584eb3210a
SHA256 1e5e23341e87a2a483d3ab27548e387976b5787d00d89f897362918218d63ed1
SHA512 0b1bbe713bc70946db7ebd74a5fe14cb6ccb42e83c04a89ac05bdfc173346cf9ca3454f6f4cc2ecb9cda96da708c34351b9a08ec7e93a9902c7d7896c7e6ddea

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 7e629b8fd876f7d8d03a9c441f488bf5
SHA1 f84e248d0fb7eea49df5071e2372c0d639746f3b
SHA256 0dde7642ad1021f2ed95ad10e508c86313fe6c33c75fc3724870916fbe61f0b1
SHA512 8bf0ffb1fb80dadf4d16c6a94f2653bcbce06b9447a1a179ca51e594881afa334ec42ebc8ef89e38ffa7c7d81bec1765921cb211939f36cf5d7a0401056f6b99

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Program Files\BlueStacks_nxt\7zr.exe

MD5 fbaba140f30a11e5ff4f97d921de6d45
SHA1 d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA256 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512 cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

MD5 ca0a329097316832e4a6ea5d870c9268
SHA1 4a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA256 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA512 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-95189259225a7d38

MD5 445eefe93f0feabe16e9b542ad70bd6f
SHA1 0a72c47793b551d649a0b296e1a3ff66c9bc7578
SHA256 e18ea18812232fe04fe3a2728d4940ef9c0863f1b8a741201d16a47aad6fc8cb
SHA512 aff690f193eee5db1f94573c90ab6f08161dbab42416138c31e0790fbf5ac11a1c484bab639b3db59449b098b493b77843723b128d73e911bb80a0df4526815f

C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

MD5 caab63a67c57a39f41b30c825116e937
SHA1 9e7f1265bfd8c4c9afaeb01921cd296d44919a27
SHA256 c24ff1b3aa50d3a30077816f1f3e8cf242b0f422d9346dd8c50f29a5fdd75799
SHA512 e8c41b6a0856cf3cd8cb279fb74827a80948cbfc855fdf027a84b6341e83a452ec0a6c7c0c179c07a633cc8381c2f276b39c2a8a8f26a85725c4de212d01eefb

C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

MD5 be43d6a6bd032ed107f41c3d8714fd6a
SHA1 d949ad564fe651a130b126eab859c19cc6d20d82
SHA256 fad28f000300bff1b4796c03deddd95bb31db6f0d7bcfe970cb0449ff1e4a6ee
SHA512 24a2372b8e2fea6b0f63d3f1a35b219ac1292239e7c40f2ede1c2eafd665d9cc7183cd89fe4b7029044438ac086f342ea308a96d431764604d227765f118ae66

C:\Program Files\BlueStacks_nxt\ProductLogo.ico

MD5 169706218f98a42594a8c5c5a65771fe
SHA1 b8ded94180212578d86a031eb71ef93dcffe1a26
SHA256 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA512 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

MD5 b09525b48c0023f893d6b64d06add4b1
SHA1 10ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256 caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512 c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

MD5 22efccf38e15df945962ac85ac3aa3b7
SHA1 b94a8615dc92982e1637680446896080f97c2564
SHA256 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA512 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

MD5 47ff3e4cc15b8c4a07e3ceb6cb619b62
SHA1 0318e54c613b8ff00f54d843e90ef88310c1a96f
SHA256 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA512 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

C:\Users\Admin\AppData\Local\Temp\n1uhlfua.2d0\BlueStacks-Installer_5.21.580.1019.log

MD5 ab3ad690c38f9d0612646681efe6efbb
SHA1 34779d1b8be65f5cd40db5b988209971f0fa1805
SHA256 9bc49d5e127db360f35c8f61e66f482cd4d00f5feed6e13410562430f1b22065
SHA512 8f5a6bba4a78b5ab6fe1a66e7199301dc63cbe737b5f68eec4e1db7875391ca9bced61a04d98be1ca0240445fff72034e14b7969335ea81a1f136dd2ee6e33a2

memory/8020-12621-0x0000000021A40000-0x0000000021A48000-memory.dmp

memory/8020-12622-0x0000000021A80000-0x0000000021AA2000-memory.dmp

C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

MD5 fcba632049814cf0a7acbca5190f950f
SHA1 c4eea394a7915d941a13642875f9b48dd455004e
SHA256 85c5c2a28d96e68556f3f70c8dab61b8527a9cf500d82a1b34a54f853985f4b0
SHA512 70323aa1a1a3249429b10bb6292a3dff7f69ac787fe33123609ece058cfd75d39cfc382417d8bda0fc63bfc9971cf85b56e706b37e7acba0195ebaeee1f606bf

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Platform Notifications\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15b9451473943ec600a9beab50e9d65a
SHA1 b7c113153db90a3cfcc7c74b853f920cfa4494c6
SHA256 a5ab7714c57796e5f4053bbfe9d41c1ccafee118bd5695e779b8af10cebc538f
SHA512 99d8cfeccbde84d65ad9912cf6b6f32bbc71a307bf481859a98723929a30e4c2104539055d97bd294bed635db3b99641df53cde1c48f3418826492742401a194

memory/6236-19173-0x0000000068C40000-0x0000000068C50000-memory.dmp

memory/6236-19401-0x0000000068900000-0x000000006890E000-memory.dmp

memory/6236-19394-0x0000000068910000-0x000000006891F000-memory.dmp

memory/6236-19387-0x0000000068920000-0x0000000068931000-memory.dmp

memory/6236-19380-0x0000000068940000-0x000000006894F000-memory.dmp

memory/6236-19370-0x0000000068950000-0x0000000068960000-memory.dmp

memory/6236-19359-0x0000000068960000-0x000000006897F000-memory.dmp

memory/6236-19331-0x0000000068980000-0x0000000068A8B000-memory.dmp

memory/6236-19330-0x0000000068A90000-0x0000000068A9F000-memory.dmp

memory/6236-19329-0x0000000068AA0000-0x0000000068AAF000-memory.dmp

memory/6236-19328-0x0000000068AB0000-0x0000000068AC0000-memory.dmp

memory/6236-19174-0x0000000068AC0000-0x0000000068C37000-memory.dmp

memory/6236-19172-0x0000000068C50000-0x0000000068C60000-memory.dmp

memory/6236-19171-0x0000000068C60000-0x0000000068C6F000-memory.dmp

memory/6236-19170-0x0000000068C70000-0x0000000068C80000-memory.dmp

memory/6236-19108-0x0000000068C80000-0x0000000068CAC000-memory.dmp

memory/6236-19106-0x0000000068CB0000-0x0000000068CBE000-memory.dmp

memory/6236-19096-0x0000000068CC0000-0x0000000068CD0000-memory.dmp

memory/6236-19087-0x0000000068CD0000-0x0000000068CDE000-memory.dmp

memory/6236-19074-0x0000000068CE0000-0x0000000068CF7000-memory.dmp

memory/6236-19061-0x0000000068D00000-0x0000000068D0E000-memory.dmp

memory/6236-19059-0x0000000068D10000-0x0000000068D20000-memory.dmp

memory/6236-19055-0x0000000068D20000-0x0000000068D2F000-memory.dmp

memory/6236-19054-0x0000000068D30000-0x0000000068D41000-memory.dmp

memory/6236-19047-0x0000000068D50000-0x0000000068D65000-memory.dmp

memory/6236-19044-0x0000000068D70000-0x0000000068D8E000-memory.dmp

memory/6236-19027-0x0000000068D90000-0x0000000068DAF000-memory.dmp

memory/6236-19021-0x0000000068DB0000-0x0000000068DBF000-memory.dmp

memory/6236-19017-0x0000000068DC0000-0x0000000068DD4000-memory.dmp

memory/6236-18997-0x0000000068DE0000-0x0000000068DEE000-memory.dmp

memory/6236-18990-0x0000000068DF0000-0x0000000068E04000-memory.dmp

memory/6236-18982-0x0000000068E10000-0x0000000068E1F000-memory.dmp

memory/6236-18970-0x0000000068E20000-0x0000000068E2E000-memory.dmp

memory/6236-18967-0x0000000068E30000-0x0000000068E40000-memory.dmp

memory/6236-18962-0x0000000068E40000-0x0000000068E56000-memory.dmp

memory/6236-18935-0x0000000068E60000-0x0000000068EED000-memory.dmp

memory/6236-18932-0x0000000068EF0000-0x0000000068F11000-memory.dmp

memory/6236-18913-0x0000000068F20000-0x0000000068F69000-memory.dmp

memory/6236-18912-0x0000000068F70000-0x0000000068F7E000-memory.dmp

memory/6236-18911-0x0000000068F80000-0x0000000068F8E000-memory.dmp

memory/6236-18910-0x0000000068F90000-0x0000000068FA6000-memory.dmp

memory/6236-18900-0x0000000068FB0000-0x0000000068FDA000-memory.dmp

memory/6236-18892-0x0000000068FE0000-0x0000000069002000-memory.dmp

memory/6236-18884-0x0000000069010000-0x0000000069024000-memory.dmp

memory/6236-18861-0x0000000069030000-0x000000006905C000-memory.dmp

memory/6236-18856-0x0000000069060000-0x000000006909D000-memory.dmp

memory/6236-18853-0x00000000690A0000-0x00000000690AE000-memory.dmp

memory/6236-18852-0x00000000690B0000-0x00000000690C2000-memory.dmp

memory/6236-18851-0x00000000690D0000-0x00000000690F7000-memory.dmp

memory/6236-18850-0x0000000069100000-0x000000006911D000-memory.dmp

memory/6236-18849-0x0000000069120000-0x0000000069137000-memory.dmp

memory/6236-18848-0x0000000069140000-0x000000006914F000-memory.dmp

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-9518983678558b32

MD5 8df06597db32592ea1016f722a09b982
SHA1 c824d8504e06d4e7d3bb38b17193a460f1918657
SHA256 b14cfbe577c2f1ff326438bde9150e847a2cb1398f7cbfdc2c97436be251a879
SHA512 f07faa3111657431b28cc919111448e4293f3dc30d0e4b3f21e9e544cf882ecff252ee5f77ebb1fc5cd61be5aa71a363f9d600503a41a322350df557d90f8f09

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

MD5 48835ec9faf50c547b25adfb99cdfd2c
SHA1 ec1075ed8fca5a9c48b672345f0aafd4280b6055
SHA256 ee4aa05ab4d06c7bf5b6ffa9cb5c5bc2d4be593a0f4030c6f2934f283a6641f4
SHA512 a6934ae9d66cc5e6ed6863518b1b18571ec6ac3e72a15b2f99a33505bbe9b8a935207364f4a0f058f0a68d4b5feabf4e662d7466657995a280426a14613833d6

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

MD5 4fc2ba513d0e5a295c3b1bd71443e14f
SHA1 c741d2bfe96f3d2ee539cc95704ac96be8222693
SHA256 c4fb1ab09b79af550dbc1d71097ecf8b299984141bc7648d12fc3961fbd7b2cd
SHA512 2f20ac7f199d3d2d9e7f767e98325474bc20fcb574b73fee4524704b409d8a200771f5c1bd80496228d7eda0416c1ae3c220bf3c5b6930386599571af964b637

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity~RFe5b7a4d.TMP

MD5 7c7f4262b7f37cb8b286b6a8936cf6b4
SHA1 71879a5be3055a02dbae32c8ae053e8d5a46f1a8
SHA256 cf6ec4bde29036b7100486db8146b396ad4624833417cef5b3bbcf6af5dcaddc
SHA512 d59a054070c698129e0f79354df7a02ea43dbf23318824ec2490e0277544354054efd5d619b990773b474d3ae8fa565b2648e098f2e5be581e2f2ce04e3df701

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3b46dbed351d0992ca947e0a7d90c582
SHA1 316ee9b6e589cabdd79833c24ed7d72d9cef3b56
SHA256 760f622e1a4b09b4feee75a1ff58c2abca643d133866aa75b77e3930073bb6be
SHA512 d3ef54e7871adbdaad7e8a8d4893b53fe181a927a7a0c6fbb0bf17b992f93a058cf6b3506ea06b9020b8b1bf248ca82d8e07c964f0b046f287adeef2f240a60c

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

MD5 586697ba5eec094d871ebe6013d0810f
SHA1 2c9f68a1f1298517ffb52bda6322c7d8186824d2
SHA256 7f09a727eb068178bd8114fc689114b48697e0829307f3e64357242ebde24da1
SHA512 e5f8fe940c47392805987bbd3483203f62dd36385fe94a3c366024fd0f5f2ec53592a7a564bcde2f797a61f0df651e9993f09d6307134ec9180ecb976255c712

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 326e8466d78971a47af434f39233d35a
SHA1 12419f1710a034a39f509e0cc4b62787884ed08d
SHA256 cdc0436e7e1a66cd47ab80bbe0fdb5e0c101f19316dd0423102f2af28745e82c
SHA512 54c6f6dce9ee59e2de81b74981534063302bcb560bc62e969462b8925093b3a3e4ab59d79a12b9bf343cc0e28b95f72a2d31415abb37649d861ae5cc7a1290a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8a30912b092351a24f3bdc03c5a51132
SHA1 891aaad71f350c6d22c3dcf39b9b7913806cb27a
SHA256 ad2da4e00c7dba134d0452f89dc92556b212eaa2e4322eed22f0ee7864858fa0
SHA512 f452a914dc22dc1b62bd567dbbba62d9c9f2c6c56dcd4beb3783d41685b03f8edc6a09894e01d48a16dab17ae3ad74abbbdc78d3f13d096ce3dbbcc6a01eca68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a1684050c02eaec471a4bd2d07bd7f40
SHA1 f54f65380ace613cd4cd023b5ccfad5fd0386329
SHA256 012e193f4aa0c10747c4157cd8d3779f6af35ff289e99158b39d92e24be854e1
SHA512 1335dce68ec8ec8332930eaaeaca9dc69e0978473b299505d0190206acfb02bdb1ada345dfd1ce9695fa0c837bacf6d063ebeee6c46f4cff62e6bafa6b87500b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5222fe16-8a33-4841-9a15-3b814aa37693.tmp

MD5 a4c56d61834d1d72df059f4cbe5e8fea
SHA1 f1b7d699abbeb71f12fb96e3cae92ddc2fd1c86b
SHA256 f16e5d7b3d0a92afdae489bdbe13ddebbaa89480ffbe74a3169ae4d8acfa8b5c
SHA512 8dedc901b539cef5644583b17456e0a83fbc5c61eee25e1b3443d1bbc660553a75314e6caad0f380f6f2bac30ecb5dd851fee9d3eed9148bf7073df4ed4bd8b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 93ebd5cd43aedbec4b66181fc4a64306
SHA1 2e73804c68a5a525ffff90e6e0b035e98df797a5
SHA256 c64b24ea43279ba9276b894fcad4d11dc035f14204209be223f9f64233216680
SHA512 08d4e50b8b79295ab61f50458f0de46917e6b94cdb2fec5a84c748022632cddc69fa9748c868a210fbfe87b7fe4f31a243e7d0ebae7abb983e6206bbf381c66a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\oem.cfg

MD5 880dbbc36b6f1d4a6ca9a73419564776
SHA1 1b4eaca846ca50a9fecb6a741dd19973eee9e557
SHA256 0d111e0260b3c11e1dae2b5328bcfd2d1fb21f15f5b49064bd07e272a8bb0822
SHA512 19980cae5bd279216d737cdabc9e9980c74f8918234879b9d5fe9aef1e265cf426931e9db798e2582399272258e18dc04d817b0dad6557010d04b6ff7a715322

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Microsoft.WindowsAPICodePack.dll

MD5 5257146586898226daf4dee13145fec7
SHA1 a4327cd173ba12fed509d26ef37abdadc232f845
SHA256 9c6230b295abc5b8fe049458cda91ed9fec94c6372756ec0021e752fec123862
SHA512 1ed0fa8593f76bcfffe0601b219ebff85fbd20e0333a8de3824a83032a1f1da791493c96d3bed9a4acec9d73a5046ddfec3f194a6ef37bc82cd843dcb1feed27

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Microsoft.WindowsAPICodePack.Shell.dll

MD5 531913c1b3c5a003e072f2a15f58e1a4
SHA1 cfa271e2e30f74d2506d636fe0a8298b1a76a19f
SHA256 d44395bd0254733ff245f64953de2637961d3ca828349fa414040ae56f1d3308
SHA512 3a4869f9c18c748ed676de4256145246e1ddd4f3d8c6c71c606cc96b320e88c705aa97bc523fb306ec55480332c84e2f92f813ecc9c75ad5b840215c67703228

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Newtonsoft.Json.dll

MD5 1f819f619fc841ca7882a07c5b01b7bd
SHA1 c8c4795e8b4914a3991a22e38843d85140de164a
SHA256 da5b9c5adf8d1d43e40005d3bb37b78aee8eafe8d6b1b38ef958326075a34fce
SHA512 81c7ab0e83aa3c02f6a1fa535f5503b60b6778e79984c099b7ca144e2567af13c4e65d9aee26fc7367f039069a1f41f72eaea9acd1fa2c2238cc8cf3cb481ab5

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-Common.dll

MD5 63b327cae6b675a266fdca61c4c8590c
SHA1 a64b3fa950fa3af20e26095744657bb5c71b19d0
SHA256 2b6d56e6974718c8f1bcadc10491eb17331d79743bc56e75e732db962a4ae476
SHA512 d7277df2a9efc5dbb5bff77bc7154cd4d938505efa161b69f76699717aecb8e2d904040bd92e6949d8f0821563c401a4f3a6dccc337050097feb04cc9812ab54

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-Bridge-Native.dll

MD5 ee7d33a5121214fa88087a979e05eebe
SHA1 a4787e83a6c0af326283ff5819ad31249d622331
SHA256 b22043158b7dd77575941073c1cca87ca3857d3b848025d9e6d90111b811c7e3
SHA512 4e4cbbc9500cd37de0733b446ec7cee54546b5e909d53c380cf86e281975bbe04f614f08fb09d52aab22925d871a77e9d0864c93d9a6444553b1840c8b8ca1c8

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BstkTypeLib.dll

MD5 14eaeddcdf2c09f7fb65ded924189684
SHA1 479e6d68e8498d841089b6e16b0492a0a54b570b
SHA256 a21e6b63ae0beb3e3e83fd0d845736f971375107278028a6c1b4ebad56483552
SHA512 8c438ed3313e18edbcc597ec0ca85a48c521f2fc9cc59102d3401f385f0a4cb88c1b31a9427fb6fac494cc55fb7eb52078fdcfe43c678c7d372c06afc4b79639

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\concrt140.dll

MD5 c4fe3f03efd3188252caa101f954ffeb
SHA1 98b613aee45c71aed9d2be0d61d7ace323929e9c
SHA256 95bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA512 80018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\d3dcompiler_47.dll

MD5 5faba8b020b313253703b07591d00379
SHA1 f5ea546901c3faf60122a4ec2d15a86b916d5d10
SHA256 bef3c125122bb459434bb02e763454cc21454257a78e63ceabfb5b347d46efd2
SHA512 b23f0df210b25996953e51ceb2304bd85aaed33c41c75ee1577f6d76f37bbd2a2e96be0ba7561270e23b26cf0db2c8ae60567cdf91fbbd2d0577ae88e9ce3939

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-Astcdecoder.dll

MD5 b4d633e92d4dadc8091cdcc8b7984bb6
SHA1 af9c0b922f008e209bc7e377170397853882a210
SHA256 0c739e65932607d4411ff808910a3a2f5c532e1f59a2030df541dd2430507e57
SHA512 82e344a479abd82390fc1fb310a91c27f4283b4946dd0cc30fc171c79d6227187dbdea28c30b29081318c7d57ae664849119d9c8eba1bbb5790b1aa06d3671f5

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-Opengl-Native.dll

MD5 9cea40c72f61eb5bf291954fe13d1cc2
SHA1 76cbc7df5c107618957c8156bc6045f483e3dfab
SHA256 a4ad048100b365f502cf87e05fbd2821c2768e13f1fed884a66c0d1b8077995a
SHA512 7e9d6b2a7062e8e1d09b2ee02ad81fd3c121c8092e1550c699040114cd718309365ba503dea38a4dc700c7983329f00b06cca0b0beb42fa38dcec5f8c741826c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\libEGL.dll

MD5 be6ff0ec680921380c04331351a1ca2f
SHA1 164a58758bd929d3f61f5193494dc4ea188c34c2
SHA256 5e287e7e884504b524dc4610bebe79e013f0bc6f87fe788dd1f5562b70a6dd65
SHA512 8603d539b08c32a9777eb5749ea9707a26a025dee72e8b44a34bc7e5270d8d88004a3dc0625986b4814402a3891ce32d815a27c6ec7e0079638a36b68d13890a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\libGLESv2.dll

MD5 35b10fb121ff7c4f85636c4ac075307c
SHA1 ced4a1b68ec66eb8bad69651e8d2d7ea63028f8f
SHA256 5b0acf994cd091c5c07d707219a33de7d5d9ce2038bf93644a7c3d8d64de48d5
SHA512 14fad63bbe5bc296206656b1b6075167d4d86278e2db7afe5ec68144e7896227a07ea07d93e3a5b042deae6089984ab1ff9f38f80c9c9b128787871d13f28d71

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\libOpenglRender.dll

MD5 8250677840b42fedee69a49687233d2e
SHA1 0de289ac14cb341075187170f06daa0f01e9f3ea
SHA256 5c307c8e60bfe7e8cd71fa64daf6db2044bd0b7162bdb00c28ce0ff87d352d24
SHA512 894c51dd238f0b1bac9a90c1f6c40b838b1121857b3832cf391fb994a83328c3a0a23b3af6e969e57d28939ea74bf31e7d3cc534f41ab26edb3991dad89b5856

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\msvcp140_codecvt_ids.dll

MD5 4266e7bb9bfce998083d2f4f938b11c9
SHA1 23fc9c4c9de9fd3e71941df86e26c4dd44f2a95b
SHA256 e1ee6d29e30708ad5812035626bbc1058ea12fd5503d5a79d28c9cb67fab4a14
SHA512 5dc1e769f973aec3f0f766ad7c2364a184b9f71c1266f5e5a874c3e63ca7082e9a2c38346d387aa516e2f23acaaf62979434819697b2695644883ce07bbfd867

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\msvcp140_atomic_wait.dll

MD5 1d2a0d23e35b93464bb5b09e5e4c02b2
SHA1 04d1a1eed3868433c5b7652ecae0fdcd29e1ef39
SHA256 a577b5fc4e3a14ae141657c30a38d11ff8593135e51e55485b252eb821d47e75
SHA512 18a0db760e4c4d9c4e014cff5ee0f433b298b65fdeca95b8f5f172b9bc534a1c7f64a1b2751b90e89cf76f41ee1ab468415466d2a657905eca9835e41cae264e

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\vccorlib140.dll

MD5 7ef7eab654df53e087ac4703c9ea0b16
SHA1 743dc76d168326b60f09347945fe1342a6effc4c
SHA256 13e568fdcde1b7b7f2d1c97a474bdb8858f5ab761157f0fea7201ccecf84b9b8
SHA512 0b860f10c03acb3866e82fd6044c29d63a2c6a1d5f6628f3d31f1cd1e44d7144e3660df3446b7a0b76b7811b261675e5aa39fb27efeec060d287fde3e630edd2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\vcruntime140.dll

MD5 11d9ac94e8cb17bd23dea89f8e757f18
SHA1 d4fb80a512486821ad320c4fd67abcae63005158
SHA256 e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512 aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\vcruntime140_1.dll

MD5 7667b0883de4667ec87c3b75bed84d84
SHA1 e6f6df83e813ed8252614a46a5892c4856df1f58
SHA256 04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512 968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\avcodec-60.dll

MD5 5c9a91c44c5646c0d7d2ee4cf990cb5f
SHA1 65c34751b36fab3d4bdf6e79e34d1e9ad50c3291
SHA256 639f445c807dfef8a42a5e1bc0b1a19f82fcf2523b46820c60465bd47d8e47a5
SHA512 11f227a0431451e15426e5fd34fcdb69096f50d589762e2f17ff834b32f70d5305c5e707eb61efe07740f2f001405c905a7ebaf5b0e91b4b040a8b14062ede3d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\avformat-60.dll

MD5 aaf5e285e8e8ed6a6e428b52728ed18e
SHA1 89794b8e834a617724f24aa18de745f413221045
SHA256 17e49a141502a26655cb3adec68c45ea19491e713eea13b1c3c35e458e77cc1d
SHA512 67cb2a03ab2740ed4f10955be1c2b7025f5e16e1eff7814fa6176458cc676dc892dc4b6d53ab0ac94be1c6176916f29b49d9dd3e1dd8e08c002d968c90eaf051

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\avutil-58.dll

MD5 203009102eef773a714cf83515723b4f
SHA1 7d3a4941e2ccc42e9d313a5ec2f1f7bad65c1a61
SHA256 a8da1bcec215e8b002c4f8da2ddbc340d93937c93c480cd30d42b1d506f77a7c
SHA512 919b8badcdb3e1a78b5a96ec81dcacdf5cc9b76bca53d27dc7916700cc1e77e416642338d456345a617118bacc6913fa62bfb43c8937048ae346c1d295b5d8b7

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksAppplayerWeb.exe

MD5 33f277e986149e4b3cb590e052c4904e
SHA1 00d90936afc6183b612d03a3ec12db2bf4b0c8b0
SHA256 a753fb439c724ccfc00a0d5218ba540ed13e287fbaefa55017d2a96c6b616c29
SHA512 7aa2f723d3c042d849ac771c190f2c06de532a8f263eb0ba3468f0594a1dd8c58ba545b58a77f611d1c4feb519138dab455dd47dcf483907660089c8f4c82546

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\imageformats\qsvg.dll

MD5 b90e88e9952dc0a930895feab50348c0
SHA1 768a2797e6d0732faf54ba3994a804374dc9bf98
SHA256 f04ec129d462e1bbf3fa4b8fefacab7fdaceafd4a2ecfc50a677e8c85f7238ea
SHA512 3d573d87bab03edf59dad9c30381e1f6da140c016967cfec801ae335cd6eb4d8bc169c03602d457974ce1d61667c13973f7c6ff57881c7ef416b20ece7039f15

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\imageformats\qjpeg.dll

MD5 85089a44f0a801bf0df3e529d5dfdfe0
SHA1 9eaf3133ee6e4f504092bb67ab86241b5734cbc7
SHA256 ed785d7a87abc60ef8e9df6fb9a68eeea65f354a6959fdaecd325e56182af7de
SHA512 f95542b9357a911dcbbade0545f4121847c5bf64fc7fd01592bef7faa97b9a24af0ccb345893d14462a0bc32d139cac84849ce12ff02578f739041ada2001adc

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\imageformats\qgif.dll

MD5 cda2aa5f7792f7f6989fbfb976c76107
SHA1 6f1f2a75b11689adb68175d2b382e9cdd435d395
SHA256 4db6e6109b1771f966deba62abdbb80300fb7d154266a2fa8c77e2fa6d4abcb0
SHA512 0068f8ba909533b2d876e80882a0ad10bc8323afdce405fc273b2c8dcae5f34be76bb2c04ed816c136c8dedb513356af0cd92d0cd832b066ef4c26f3149e138e

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\multimedia\ffmpegmediaplugin.dll

MD5 200a2431241ea2b1bebf61d1c242bbf6
SHA1 80a6e9298c6ce3af44d7f829d5359534979de266
SHA256 5b8b003a86e49e3c4d1c750c940c6620fe6d8f0c2cb4e35b01eebf5899c958ff
SHA512 b4ce3565d780a8201a7f01f74cc830e577a026d1002f60c9de28a13491160213dc76831a80265539c8148044db92f9e4fa76b77f86fa82d0e84c93a3b09f5cac

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\multimedia\windowsmediaplugin.dll

MD5 ecbfa8c49ca2fa398553fb71dbc3f2f0
SHA1 c20cf6528683d7d85d2498bdcb99816466b92c33
SHA256 d1ac17c7c60869dd6c974a443084e7b5956e8d3d15b36327d9ded665118577cd
SHA512 8f1604ea33b8a6363af531a4b8ce4ce8564a4e18e9c796f9a311181ab970aaa8339c286e924671b69b06fddcbd5580f40faa6f63b21e91124694fcf422b929d4

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\platforms\qwindows.dll

MD5 b3c0fdf5e0c90b2b11ea47ac30d00dcb
SHA1 f0e77ea6359b825483807c4791cc802afe584839
SHA256 82886475a18ea367f9d409946c8d1ad99a6d926e20a40a6e2ff8edbff0dd3b4b
SHA512 70815fbdd030c0b174b186bb59ccb2705c4a9d5e04621c24f9c1e6908d0e223e7f5a3284c874ba9c3a34be92779ca3480eb6cfede5f4e2e40fbae59fb00432b0

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt\labs\platform\qtlabsplatformplugin.dll

MD5 5995705b62f1ca954f74b0a59dcc99d5
SHA1 342077d1b46d5bba36e4f0333dd7258f55ade651
SHA256 8df3e0528be697ca08e5c82cb2e77131bacdc8f2ed9324d14a3ce7fb8d2c7b25
SHA512 5d391cfaa898a0501f54b5a6248b111f63950731427944d4d40341e4c0552692e8178297bc31e63fab4106d30099defa50785565eba01e23bee8215b0fe7f493

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt5Compat\GraphicalEffects\qmldir

MD5 dff2761c6a369bb68fb64757f2ce7a1b
SHA1 1b8f6975a6ace9a806aa332af0f90a92d4cd3b38
SHA256 746e523c5ab620100ae9331b0736a7b76013b432982c9aa68c10cf67fba0aa89
SHA512 fae63c67b220913fc81f385e9de05f55377eb3bbc1ca3c5d3f51a2aef05532631c1c9d34013eda3a4bd88b98cb86d5e5f78ebde6ed48f0737a16b670daf202c2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt5Compat\GraphicalEffects\qtgraphicaleffectsplugin.dll

MD5 40a9f3952037a83b01bfed728be9b2de
SHA1 61c643498ff17937e3e42925733220e88e207551
SHA256 34e10130fb528670c01c03c3ab9e1ae7171df0de477211a050e797bf9b0eaf2f
SHA512 76d8b87dbb1ef249f9b46ccc57014a8d88b29c9603d2502993c30bfc8d394bfaa4caa2b7e1bc05de28ce65a1e82aa71e3ee493426b929ca1218f0d6cc9e77e66

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt5Compat\GraphicalEffects\private\qtgraphicaleffectsprivateplugin.dll

MD5 329586d78bd77e76e91c50602fd2c956
SHA1 0a9aa198a6b1cb7dae7dc6d9faf8242f4e1acd7f
SHA256 19922327ad13710715304f6734ada287f6ca3fcd5921e27d5daa155381d03cb6
SHA512 f99747692ca92a1e5df9367d77ff20164e81fd0a3a986868555f935667bcffe290374a4b90c22a0cff6fb4e56e5d30da7a717f1e41d91fd66f94cdae7e9023df

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt5Compat\GraphicalEffects\private\qmldir

MD5 f1a067104d9bd191b0f3d848a0fa6d64
SHA1 53b15433f57c61c540c493963aff6a77f9fdff45
SHA256 bb9481e3e26069623c4dfaa9cb9c415529d084edd67edda1595854421bfac5ce
SHA512 71ec428d3ba43ea5c544f25dea40e58cc3f8605b6a15ea4312427003227637a99e74cb0e8f04a4a95a726026a65c2c02a31c1204db00dfac259298b3cf91b381

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt\labs\platform\qmldir

MD5 e49a668b90132546b4d746fde6428b49
SHA1 46870297a9a52118a50b846db083215b3233b2a7
SHA256 a56a9f3e36f099d7ecdc2d0f12bb1e4bca34f0c9b6218850a8dc676c29280e83
SHA512 1da70221873392cf25856a76f2810a0290c4ffd490cae22bc8183a3b165f645a10a2e47eacf373ff34bd1f4ec7d9352fbb814e52bc84c1bb514bc905c39134cf

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Core.dll

MD5 b5fdc51aaabe8c0f1b611e003817b3e0
SHA1 e856cfb754a1f753c85f10e3e51914b76c916f5c
SHA256 8a1af6b5ea341ef0d01573a9005e5c68206cfef6853b5584e8a737c26c9d9ee7
SHA512 b9d9973d34087dad86a0b6fdaa0a8ffcb1261c73782459cdd16675001bea9333039e9a75da98c4f2f24891931fd4ce7dfdb090dfe046d47ece6b5ada99368afd

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Gui.dll

MD5 817b182e009f388672445e69144f8543
SHA1 a66cf9f9909bc2c4306dd7a6382965eedebbcde1
SHA256 cfce665b7c477ebff815fb27a9b55d0b629183c0cecb5282a87bad666d76daa8
SHA512 3e7ac5cf005a11d0d0e23084efce3256a342fa559c393f40bb81ced616898e03ebdf265fbbc855864d402665471010210d6ed12a2688f9fdb4383a0c659043b6

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6MultimediaQuick.dll

MD5 b5a48a332e16e6728a2d26714c126c49
SHA1 5f6b55c7a2eb5afe58b5c09185d2ce1eb97e4518
SHA256 c87fa93fd57a6fb2f7d10e9c45ec09c9cbe1298ddd5f4d7458ff896e99b17b85
SHA512 4a5f92f87c6eeade882d088ef6c46cc93a57786fb740422806e6a603db4dadfc9ddd018829add5c59db40ed86a4d5d25c933d97b712cb2b757a32a7c8771037c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Multimedia.dll

MD5 bdd2401c24e694769007d290744fa00b
SHA1 b1d5b2333a643fa3010fd4d1de8a403f6a42f033
SHA256 d65d749813c1778264115ebd03ecccd87628dd1432a03560f13b009330459306
SHA512 922ebff563f4c9a2c04526ae9b3d0eb63a4a3e2a60bb3843c08aeded55f6cce4dff247ddb70b44ff31de9c6e49fd9af78cbee45b4b05b2b8e6264fcb86ae134d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Network.dll

MD5 794760c25a8de30dcb152808dd5b7416
SHA1 8a4fbca5e2a29e56e5d25db6912a23784fe1a644
SHA256 f6702966e341d9a2f1707df5833db984205b3717fb5ce3cd2a37383ac347905d
SHA512 7d03a3077644e394aaf0e9ebbb1dcb28c4394139a508006c4134891670541d599216a8fcc1e229debb84ddfd0c2248392510597e2fa1073675e01728a0d8dfd8

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6OpenGL.dll

MD5 7e0773c305ab95833cb14884766fdad1
SHA1 566c5942e445e42ccda7766bbb2c7a5ec7219948
SHA256 5180dc9d9394d8c4de756d6e97e6f12e4f27639578124236589e08ba837f0d3f
SHA512 809599445c48b9fe486ad157891ba0459d446cc268374419f64650dbe2b11d3848d917811115aa11ad613761da9ff556a788a81cb2c5f390cf7150fd2fb75c39

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Positioning.dll

MD5 5918eade11bcca3d515081fa588d8483
SHA1 a83686f6612786a3749431a810b90cbbea6e4926
SHA256 ed4660c36afabf34e5ac18430c94ef82122e770c28a3f71b88a09fff0cbe7a69
SHA512 78167e577f241d0ebf2fdae86bf4d89410c36043ff8bfea7544942d779297434e738db5c8d8f928d13244515d9fbf3535c8e8adbe99d351bb95242cf9cf73bee

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Qml.dll

MD5 903ee7dcbc454a86d6eb9827ea627966
SHA1 2fd693ba9ea121e2055f12a966028f2264ce9275
SHA256 578afdb3822eac599b48f6e101a35d40744afcbdea8f35bf3c69b57004c8ad51
SHA512 042bdd2283578faeee87d8f338e47db5b138e0118de24fb4533c353e8a4c7f5d99c7dd6ff699a8d9da706dfc56e5d712d285e17e2088a0c56b531206cfef03ae

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QmlModels.dll

MD5 3d185167828e5b21ba37d2f7a366aa6c
SHA1 a865604239a8c960695512e494b6a876ba052720
SHA256 846d37da5d81570c08824fccc2a1fa7b10b40dc15bcb2a71b9da553b87680992
SHA512 8d41b405fe4c1881b2f6aed9a4d655ed9a3041a92b977ef7e48ab7f27af1e61f6b8c97b48946a15ba7ac3b99ef06186670d42bc9f0f68b7f8e02ae79e0de8f55

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QmlWorkerScript.dll

MD5 48f041709a6b31471d6eeaa090232d19
SHA1 feb934bde6bc8d4042e96b579b7b8a2b01af3679
SHA256 c52c62b7feb5491d2d914ae10478f3a0bfa3fb58cb75189932f5dd5ffad31b1a
SHA512 efd6169527836c8088d78741b2d813176ffd6050536187323d19e41ec1ee58eaf28ef51412665fab2425709955d046dce370f5d7613c64d2713e81111140482e

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickControls2.dll

MD5 c6a5d1d04232d1f649ecec45b6a3f01b
SHA1 3a11301f621170b0aada088753f83b1c917edfbd
SHA256 3e8892f343a7850884d88935cf67c28a97e186271c34d33dda7e5d0c83ab22ea
SHA512 39ca3971179a6b11b1293d473f82cd22f8bbe0819773c96d9c952a42c93cff12e6050eab6b5b8b618c66ee93f72fa0862d271c1318e30c305e1a8cb828a2303a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Quick.dll

MD5 59511eaa8c0fcb1af74123efd644e849
SHA1 3538e0948e97f898745b0abd268ce15c97d00715
SHA256 5deee180c5947e3370cbde40ca5151367d8cf48879fdae1d748fb1ee995744f5
SHA512 e2373982457febcb021e9eff401df3092d9edad7134e87f2ee6d0717da2df8ca47d7d089279c396502235a9ec4cbe748ac53a6613ee088f1fbd0814e49f63bf0

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickDialogs2.dll

MD5 8edd41e58cc4203d53ff49d823afef39
SHA1 38dfd9301113737d4d6fe3444e048d1bf4dd3dc6
SHA256 bfb0dc7f2d715f203b19a0a39f16542f00892c7c7d2c9789d878f97b8e646b2d
SHA512 5f68ef40292ba9133d43b259fd1441813ec130b935fc6a664a892fda75fadef38cd332b4175dc038ff75e60b4285c4992c0e61f6267e2961a2e0b1dd32045932

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickControls2Impl.dll

MD5 cd9c82e899b96d90664d0fdbd3b9b328
SHA1 533d7cbd433d88aa815e530c1898d2436c5cf26e
SHA256 b1f431714c90b70c990378f4ed8d598f333125803a8f891b5f5d49d62f37045f
SHA512 539e7f6ba69be8d86187aca70af18e59104098a7979b2258e6a6b6459d3a40b34c70ea26af524d4961b0de3da6766ec672d36d6f8766b2c17758661e5d448b9b

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickControls2BasicStyleImpl.dll

MD5 8a6e9a37ba9e1b09c20db8e36ceca0b5
SHA1 fd2ab3d9e63dfdaaad1c5e0913e8b8988920fbd2
SHA256 e584ad5196ba39477c82b53c4494e2634f1d680662366e13e9d196974f4b09d9
SHA512 462e37a8d7f49f15c62c495e4bef728603b37e3d521637c04c1f009b55acfeeb9b3f782f43795ead5a280663f086018a2197b665d82bafc275b3617b17e9e1ff

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickControls2Basic.dll

MD5 0efd67dea0c545954384c802b361830a
SHA1 fbc6f799b9d048957dd58975a358f0c5706af5bb
SHA256 241f93951bd5354b645dc85db5fb4f886e7486f624bf007ba7d233a89e5e4f0e
SHA512 ede83a52bcc79014fc752360f2cc72d7c82cc2a4a3daf5764758b5a200c434cedeafa299012b4f47f84a38004f449493010faa7e5dfb734327041d42cdf2e0b7

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickDialogs2QuickImpl.dll

MD5 1fed3fe9d304c1083e54ea30b383635b
SHA1 aad2eb155460089e8d6d3cb00821bac8c5d00e7c
SHA256 2560952163e1de8d982e669dd271bde723e32b2c93de6721e3ac6174fee91cbf
SHA512 1121193477e8218e9aee2fdbdabf5b43f42f922b2af72143240e013268b6ba1fa4a42bb13099c7ba6e190715854798488706c44158408e2ebabc4c0983f7b099

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickShapes.dll

MD5 70b3be941970285ab6c5df7da09c7995
SHA1 9e9cf814123537cd6b4c2c78821d639457172e04
SHA256 96c7d04941ce1e2aa053756c24cf770eb21d5d87488d12e0e52ff1aa23f2120b
SHA512 6a0094d53fd076e45ab445435590e3c36243517d97e31b054180298d9873d67986554be182e07a4c87f7ec03346c567ee2288e12d0c8bf7f9ffa2bebe21983e5

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickLayouts.dll

MD5 8a386180bd4c11a96a1ff7b2a9b47320
SHA1 3a25f58ac2dd640469730045f77a1c8d36349c84
SHA256 ba807b732f8b380118a0dcab28aa75c2df3bbbe1952f0b14164430a7d348bf30
SHA512 6d0ccec63889f4d7b54aac8ed97e11b5ca2179ddc0174b0fdc111ef670497f349e81e4a5961abd1d4b260ad9cebd25a1ee2c5ad8dde7a9a06192c52152498e4c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickDialogs2Utils.dll

MD5 0206f58a2b914da1ac21bec6858cd61b
SHA1 b0169cdba3e35229d29809e7da759b1fe198707f
SHA256 e54f5c10133e2b331c5da0095dbee0b3df4c0f29f2341db9d3878ff5a825209e
SHA512 98e390617a5cc898d45ab3cb204a9c9a688158487e1bf55f47f3e492d9a66edc9e47a99d4610c39834b2488d06a8c0edb634a703f0188293eec6094fcb77c9bb

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6QuickTemplates2.dll

MD5 ac8c3b6ea0500c236b1f78f7084bfa2e
SHA1 3d93090b8d5b4023287fad1834413cf9ea838ae8
SHA256 9ce15041acffb2a9c2967cfc8144f4353f26b70113ee7e0f12ce582fb6cf4a74
SHA512 269d7fabf3dd5819402a0dd7fb2b7ac81abeb775ffaf4995f00acade78cfca81613d89476638c110898e9e1522ef3c2a477f410efc33860ccd6907b27e1dac4a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6WebChannelQuick.dll

MD5 ddfd4bea4e325844d083ca06be370a61
SHA1 85ac85fce3ed43db9cb8286b74a33e01b4b48b65
SHA256 e842737a7a88fd6e7822d85a93a8eb0b7873f09cf1c5ff7bef21b53d2c4dbf41
SHA512 e462089d9f01b93efb769bf75dc64fa8fb275aa3a37fe48e1a3d1bdd33a9f7ac9125f8fce538d39ec05f493a673611a69cc126d10e7e55212472d9a7c4c9e37d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6WebChannel.dll

MD5 e1c366b3a51c734adecc49be9a0142ba
SHA1 342d3d3f03f3b56135b0f59a6f2b5191e3900b20
SHA256 52653500fd113610125240f5d18b64c5373eb0b75c8fdcb2718eb68ba02acb70
SHA512 b84b4e3c1335277f8e94e297ea827cc1ea787a6d4508435b77d7c93aa093ee3aa81b2e6b6b1d87058acca4adbc42b3182e08db5d9ffebc4e683e70cec106dbfb

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Svg.dll

MD5 3b75cf39102e5152a34bab94edf82167
SHA1 ff99d035fba6f8e20e7ea5fecaa3435dec919cde
SHA256 cc8fefc7bff06fe18e7994039b0943a26b3fed4d5c9b09845e464bad3adf4f66
SHA512 ff46d4a54e4b4c7915ee5172dc8e6b176039fc6c180cd49aba2308fd7143f49529f96471d0c7e7a0f9abf101600d4414a765fd0b9b7b80c5698918b1a62cefae

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6RemoteObjects.dll

MD5 d1996fa4136cd8c2f643a3770ecf5f5c
SHA1 74cf4b91731a518ee3124ce649884a2757d9c615
SHA256 f3e3ae32eddd2290021c4e55ce3b519f2000d20e7e648102a1d0a3976e718e47
SHA512 a9f6af09fef0f94fe7cc50a2f98e28a8148d91dbbef081ca73011f8335bc9a746e74d55b7a94d879a10ce7a3cf50e69113a9296d29beb8f5366f5be8c9d788c4

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6WebEngineQuick.dll

MD5 97814a8961992936598f1b7683aca5cb
SHA1 6644cf3079595f1337116881e9cfcb2ef11c818f
SHA256 1585dda7eda1e6cca66d840257b23fc0b25b0f4b448b25c0896de790ec744cb4
SHA512 a6c2b88fca842a8aad3b3b1d878f50b90f573830009d0499248f3f1a38a8ceae42978cc106894855eda40708f09a215c77615960d06cdd1da634e280c94ea448

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6WebSockets.dll

MD5 04cc26f549ab23a726f5625d773f659a
SHA1 66f7b72558335121d676fdb276e3679fe4b5da17
SHA256 d955e7ffdf0f3ebae045796a242949f851db07ddfac9cf50df45f601e04b0e57
SHA512 b3f8f4012f683444f09e3a7a48586143e3401e5d165c6455af4bebc04c6e01d92bc3255c3dbe3fcfad08f7b55f6badb3216b342854d1870951cb153ea50c5640

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6WebEngineQuickDelegatesQml.dll

MD5 93c0440d85f375b171fd01c5b43ba85b
SHA1 f05aeb8c34aa2269a1622d1748c6702334774fef
SHA256 efabaf7879040b2ff01dc1db582f15ad1d28e04684eb67f3907e24c780c4e014
SHA512 b9b3c2af9678cd6610317fb7a64fdb2e1607980c515d213efc74851e8580301c9b9520bf6cc8a06d8abf8ceef47f169048dc7cf1bfd31ca268384c21752f4827

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Widgets.dll

MD5 c3241a2e538115dbaddf3a8c283c7966
SHA1 0833370c511d9e44d6a9fd44eab950a77e6908e1
SHA256 6a97350bbfe5518c5e41453062548f493014f8037a70645246549de33e6cfc17
SHA512 3ee01be6b0f3f112cf0f64ea3d446bc819f310a9fa23b96e6839d4a4c007a70603a7cf595c25c107f04a65110639b3d617094c1b0d1240dbae9e54ee42e6b148

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt6Xml.dll

MD5 8169c439135d3453614e28466d0f3e8b
SHA1 14cfaba32e6f878e94ac2137852dae5dcc67e3b7
SHA256 fd6e3dfc8be003418f40aeedd90aef4296ce39aeac544a3f4c04bc86ba1b06f2
SHA512 6d2655020f76412a45adc3b6da7b0c5ea9e15031161f346ebb8b8875dd2356fbe0d66d9ef829292f5fe5bd6fb495e003413b4b6cefdd348188b8cb8892a66a34

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\Basic\impl\qmldir

MD5 d6b02bd0093c8bb00347b387e01be80c
SHA1 06ad73d6ebf391957932c537f8b933ebc82d1bae
SHA256 89daa248ee0544aa92530173d3e969d4c5b05ac2122d836173cc50d069805cc8
SHA512 3b0813529bf0b1fa3541798a1c1b8a738f13d0a3f769b0d49aa242aca18b5ba8bd3e3e2746ab7ac0d5cd680d916777814fdda5420bd31bdeed270be8e4428fe7

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQml\WorkerScript\workerscriptplugin.dll

MD5 9db78074c4e988c40441b7f318d31a29
SHA1 b507f2a12d6698cc4acccc14423f8adcf6da5dae
SHA256 e478700ec9dd0f1de166f43eaa408a38b9bc2f8b994a80846649ff934d8c0e07
SHA512 917bc4a6f347b81e0b0bab1b6a9782d0a021771b98684cd9f9c2abedf155491006a01e3d56b5265a01ee7aea17965bdcee0ba290dcf92e782937aa816d2b041a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\Basic\qtquickcontrols2basicstyleplugin.dll

MD5 bbe4d4b6f282dcdf020edea17fa11234
SHA1 ea871074fb5abff1baa4087f1aaa6409f6a5f10f
SHA256 4907a1cd4ad812637b1c5f7359b12f1219c462962eadce8e6f8472fbea628104
SHA512 50ad4997a84da6c272c79d3dc820d83438d83512f5c35c8250e319577863903f4a8eb4a2e995b6c3d023c15aa5aa147f8345ebf573dd5083746bc25521a57524

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Dialogs\quickimpl\qmldir

MD5 a732e1b574ca5ab3590b8c6d6de8b2a4
SHA1 0bfcf7f7af86f82b196446e0542c367f88023f24
SHA256 947b7856d7f3ac5e731045d2627973df06744aab3ff392248ef2eda5d42a6279
SHA512 9dccaf5a9258c8907d58c0d72c9ba315e32d4878d3d31168a58e3e5c4cad234d34d668f6979d57e9e47bb5c5fbed538f4e4f7009ca3c17f614f7367addbda4b5

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Templates\qtquicktemplates2plugin.dll

MD5 d804c42ee7783da45affec5016be7546
SHA1 7128d899253257f14829ca2f28fb9b7606f38d15
SHA256 e931944d5eb53bd373d2b4dc9e2562951a44e49c40e177670aea7735f3a3497e
SHA512 0508477329365f2bc49176d358df4c5718eeab85ccdd74a928e2f8df23eb75203115980c6f3b9ae948cc3b9f3cf434b27784933ba36f89f43cee9ea77cec4a02

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Templates\qmldir

MD5 d6238b74f2a445964a7f223b96bc6442
SHA1 a7fbbe96872ca73d293470ff50f4a0a7278c10a7
SHA256 60e185a2a878267d15f2b54f6088e1bcb3c7e66b67ac016b121b9e79b305a9ac
SHA512 5cbe2966e26f6ec1227fc36e3baa363fc9997e5e2322100d8f7dcb0faf520d18c210568a7682b85156d5d73c90465c4934e557de08d82a1ca95989eca1257d2e

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Shapes\qmlshapesplugin.dll

MD5 cf18f633aff01189246c1a2b257bd8e4
SHA1 e782db1781c57ebcae62b01d594ecc81022e6379
SHA256 6be600ee9189a6c84e35eae24e91534ee5eecfdae33797e15472c6ffc8ef039c
SHA512 78473cc3e4d2cde99759988e47d4387b44a5b34245d59d0b6f2dd9206f96ccf7aa2f06d841c546fcfadf239fe0a6d1cc8d775f74797328bc4bdf2746345b43a5

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Shapes\qmldir

MD5 29545ca5555980969d58494c03e810db
SHA1 b56a6150c8d39708e502b53d2c7535438aa02568
SHA256 de2dab12c07574207db93315ebf5bd6ec6656d1aa506df756328f73342b2a7f9
SHA512 6715f3b9f144ee65cb37cc200c1be14a827cc40b6fbc47e456a5ad04eeb751f69b1cdd8d4c3fb2a5ace30173c2d61b6633958e7b8753a2c6bd9c3d27275941fa

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\qtquick2plugin.dll

MD5 0c90675a28d95f6bb1050b69f6477de4
SHA1 bb8518a467430fc41322060361534ae73879f362
SHA256 e9f4fa73ea93efa6883c8256f74e4351c7cf808db721e0e1d49d4f5af97cdcac
SHA512 c338061443eca85503619b9b9e5397a480ad60b2478cfe3468db360c88d0d5f938fc577e5393d8dd4ae8c40c335000bda9a7fbe9490f112a5ed0d2346be0a605

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\qmldir

MD5 229c819d9d388357c948f58e96513964
SHA1 9580844569cb3de2d0f728695d9c83c6713d5c74
SHA256 137c386f9b2ba49fb3a3417b55096f6f1bd15a794a98613a862b490a6fe4fa79
SHA512 61fb9d95be728ea658b31b137216ca2db2a52ae4523ebac1f7bd7b20fdfde4442b6570b03c7defe9047a96905227cffd0160a6e3f42940e27ad58dbf3b3383ca

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Layouts\qquicklayoutsplugin.dll

MD5 fe46bb3ebb124f1a49f3b057f53fc117
SHA1 c0b2d468629ab2f517d8bf91916b3d1361526a2b
SHA256 8b25efda99d9978b84c99fb5c63b423ebdbea40061611a835cbfde745e6892f3
SHA512 74d428d7737f6d0ff723c92ef680f9807c8b5eafbc472a3ba021217e0d61e74847930c7a46e598b39bd8e792c205988da51b1776076a2be598dfe1d316798863

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Layouts\qmldir

MD5 59476cc514bb3c0e6d94b0450fde47bf
SHA1 ceddc40c1c97d5f88831e76460afb127b808fdde
SHA256 be7bc0d0defd3037fd4493987ade323210f191bad527255eb32d1df15b1b8edf
SHA512 3331f35f7c6c6e278192017b73ead6802ff1c394111c82c061120cfc7cffa365c407328a5b31d239f847fd3567ecc2afdb3f005062ab948c504bbbae21a381c9

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll

MD5 abfd86b2b24ad23f3aab3edd952ab053
SHA1 3f82656bff4f357ea40787d43f9610c9e4a2337d
SHA256 c5ee749b4f347a1e00b1f912ebf5e4a4e6c34ffcb8877b5db556742b0c46eedb
SHA512 9768741702df37fb2bccade5d0118c114cd6440bff1bd7e76801a51c34c86b82e681cb4b195cbfceb4cb2936c81eed0b40b14507084ffbbe653b1e0f68ee27e6

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Dialogs\qtquickdialogsplugin.dll

MD5 3d45a03c422d0604517d735180f32b65
SHA1 cdd53042670df5cbd2a94b595553658ce21ab2bd
SHA256 00edeaf6b5447c16654d1e8f010d882d909aa2766afe44f4b6e38b260a9928e8
SHA512 54e288db318376cbf782890bf46b51160122e69fe4a6a61cd6ca42b614c37ca74d38f85f24717ac78efafb6ee14d844a2240dd94a41597c09875d7d651ee3e6a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Dialogs\qmldir

MD5 82ef8bdd05ae26b81ed33e11d06e28d7
SHA1 18fc845d32c1deca96d97d47a5a6900ab7f99747
SHA256 6b547b8e506fd70e034967fa4678368a515dc8e7cdbbdd0fd2b1f263b28fe46c
SHA512 4541c30ecd7178dd6c238a99eb3f0a9fa46029e2366ae3eb1ea9684619038832534e5a4b0658973d47597ae7bbd6e344c8cee2d74e1126c2657a6be8048cb393

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\qtquickcontrols2plugin.dll

MD5 603a83e1eb93e0b4e1c7fe1b768fd105
SHA1 3f5d29c06475ec16b7436a121fc23ecd861f87e8
SHA256 932a269dd90d509b03f32abdd2d2008db697f4750df47bc25eb6b02e965f836d
SHA512 0f39d3091eb96348222a935f567509c7f5edfda74f7481453386c3e7053405517296d28cd264872fd1a50951d3bd417b4a40df24dfcd425d4077a3a78d4a0080

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\impl\qmldir

MD5 10b88077e9248124cc7eb9a17b5d6906
SHA1 a519e508367c7e7002fa17fbf1be61a0c7242e5a
SHA256 d968aed9b217c5a95b8a0d3d3f48635302696b9b2f5f7e73ab16e8be6a9fc66b
SHA512 90c735b12bccfc14c8583450a7df0e0a8a0d56173e2ffcb377aaedf18e6d9960b5b52ad53494da8a53c69420175b56766a0cca29b096dcd2918c533f7cda5ab6

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\Basic\qmldir

MD5 3329231d19c34ec08997356bd2df27a2
SHA1 9f7214d9f3b15263ee2fee5568a9940b3b023a06
SHA256 142346c196c2b2674fd0f0e7f8c1fa23fb9964bce47c02d5029041d6a9248c69
SHA512 ae9a06615a5037a46eaaca120b4ccb176466d8aa0472fefea59dfcd7d83e5d05a1773f941981f41d268d8fafa421cb0f1b21bbb28e3918a3f548603a1a939c67

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\Basic\impl\qtquickcontrols2basicstyleimplplugin.dll

MD5 5bf2a01e2dd7ade5616ca79170a8d23f
SHA1 cee7440be25c58c73600a50cb11bb6fac7136a61
SHA256 554e784f16b2150058eaf4cd3003c018e980b4fc5cf93ce1e93f3eb14fbb74c9
SHA512 e42aea99eb87ea4a2bdd815c95c53b91b80a0df5603d7786e0d9b1c3fb0031a5670574f9360f17c5fe35582118e73595f4a6a5f2b830dcce32a6b8aeeb0329dd

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\qmldir

MD5 a098009511c5c0a59833180919453a5c
SHA1 90ecb87885d6fd7aa15cafd2c8d67a68c4d43f25
SHA256 9fd5547623ce4b95247351517534bc5b4b29d43f36f57b7f3378b24acb58ef0f
SHA512 63ce67b9f9285453f5263a6b1ed612b9434c804cd0097ce56ca31448a45ddb7befc592f2901b83e66211b33cea7ea46635d9213277eaeec8bfd683ab65e62c8d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\impl\qtquickcontrols2implplugin.dll

MD5 42cbd88fe9d6570f24b4b517e5f30694
SHA1 f7109c9ca08efbd9040d983b3f7b1f6bb6c4b1d0
SHA256 0736118554729f3a01528082c106c0717f92e728dd93b4f9761e7d39b050d64d
SHA512 0f6e8f4c1b1d23197608d1a35827665454e3cc439b2ad80c6b358a8238ffbe2128b5196635e2f78f0ffb0302958c1b7a54eb0e8d5309a91c1ba00ad123093101

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQml\WorkerScript\qmldir

MD5 2d775cb02542905e995fd826dda7c026
SHA1 64ecb2070786b0d83f8f01b4f0fc8b44fe0a191a
SHA256 516dd5663b9e122cdbb2d212509724ccbb826b0774b1eb08cb96c5f82fd38ac3
SHA512 3b2aa32bac27b3b384a518926d4e26d5655a4434a907b327cecd61a0c25ac5931f81fcc49d16d0b25cfc00f98d346bd269310829c6064a54df2664c60f43b718

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQml\qmlmetaplugin.dll

MD5 852714229daa6a278feb0d01f8e34375
SHA1 92e768efc89624434a610a7201721e74db49f0b5
SHA256 c02b6e8fa0a1b93c50096f56218d38e0d15099c7e1b58ddb31b24951d3e1bcb0
SHA512 81152863a5758f73ef72f852e4435d5b147fc130805272a676dfe3fa415eddffeea9193ae70e6834513d0bcf09cf2881bccf18a98404f27bb3b84a1b466d49f9

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQml\qmldir

MD5 d23134f3e810ba1311f1526c8e784685
SHA1 409d8050b045777b22529a814be8fc7daddda2db
SHA256 872dd0ad9c23701f8e551ca98f6b15b1551b3af0d4fafd2ceca61b328d45df60
SHA512 3b113ace75caee2268f196aef8c636482b3ec84de6055fccda50eb518bec03f9b4db2f4930177ee3d4e6ac896069a3bf27d596d9c45475428c2fcdb1e3f3afd8

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtMultimedia\quickmultimediaplugin.dll

MD5 006ce437705bb2b7b296dec8d971fe51
SHA1 e0f334a24c8710c044f5752b8d958885a49dbac4
SHA256 46af14e6e6873f6c878ee68def05934a30d1ae4328bdf1904cba00d354322c5d
SHA512 a0ea63d3bbc4f072449d9a5390f8a4e2394ec927ba390084c786446a72c8ba4cce94f50caa910a2ebca8b70d8ed5148542b08aac746db2f18f2902c4b2ddfcb2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtMultimedia\qmldir

MD5 b7d5c74f4485b2550ad065e16252976a
SHA1 af8c4cf1a294e7efa6bffb00bf3a66ed9750f18c
SHA256 2a0f427a8594e31ed6b3fbc1b2242856976a02131cddd8c59b23858dd3d67cf5
SHA512 25581e90656d77023d91e2ec5797b6290e805caec2996ec58be98c618e2284c3657be93f5cc18dfabc6ecf662279a1854be08f888805b217628172ad040c47f7

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtWebSockets\qmlwebsocketsplugin.dll

MD5 6162f3f09fc11878e4850c1c0ca57d06
SHA1 c454f1985b65b8ff64ff133c559ed9528c8cbbc1
SHA256 0935f9f612bfd0fc905e86535193663cffeee560a8af83433bd67cd7291eed1f
SHA512 7b5ffa2d36938585565954b564abcabd15ea3dae56495b199f09d51bd92421e2f5da26e5e99e6a79dc24b5ab73a155fedc147a347aa4eec77a0d88114ae74f73

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtWebSockets\qmldir

MD5 b37b47dc81d0ddd5733d3c3df54a0ad4
SHA1 de3b51b3fe652e502ee44061552affcbfe6448c7
SHA256 4ee99fa9bbf2dc0c4526df9f10c54f7833fb503b508e6b2cccbe573b422128d8
SHA512 f3111cffb73bb28dc43afd5cb5ca6ba2ce68620ec363caeb7b86275def0f06236103f2d1753c731166d222918b0fb059b73fd5d6298a1a078b91a5ac038debb9

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtWebEngine\qtwebenginequickplugin.dll

MD5 fcc2017d74e088cbac65104c90474063
SHA1 2b4d32cb48be3cad1f2bef4c6786065f5fd0b733
SHA256 cdd3e9f9c1dc7cdd1f20b0d932064f69081e84aa32f1061322dd84d4136ffec5
SHA512 83a53d4cf8102131e2d400daeebe700da4964d80262848a72070931ed8046f2831f2bf9d37a53917ab36d25a31efc7f96e19a9495735d9985d32dee4a7afbbb0

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtWebEngine\qmldir

MD5 305905ee8126ed39d5f4b5312aa2c99d
SHA1 46a27e297e6fc3846f64d23b6b54512c70ebe1cf
SHA256 9ce4a1ac66b6a7dc6950b0abf7040117c107aecf0432ede1d015d45a8883bbc3
SHA512 2b2c9a56f77f5581ec3758622ae47adf28f790a68da61cb1759af3ba2c6c1906940d2cc9707b2ab4a2b564096dd144eb4eb453a864e36600a7ff8457be13becd

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtWebChannel\webchannelquickplugin.dll

MD5 42d0cc66b8adffd8db1c44d4c5ebc188
SHA1 092487413fe9e4cc7d65b7fa7e7540a4f5761055
SHA256 89e99655ed1de0d8daa34f7fd550509f0e64795ddbe4c866c66715adbdec97e0
SHA512 fdba365a2dbf7dc34bc67313ead8ed406f98412d87cec2f2c95656861c61e606929c15a834a9d8b8e339b11fb8db2deeec617a82bb4991b3f3cae268ac6b0786

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtWebChannel\qmldir

MD5 e0e05541afe2a4120f98b955aa43f663
SHA1 8ca6194e64beef2352bd3df18770eb7cc478744a
SHA256 0d728adee8ed1308524a8b3e5234781d8207a15dd6c738b74e62246f9679d21d
SHA512 0333def621780792272b2c9af8ffab76ada8ebbb4733ecdcc6353cbceea94b83b25c861f424b9d5e37d4d63f198da76f58ed6d77196ba29483aaf1dcee786a71

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Window\quickwindowplugin.dll

MD5 9703533f14281d6ddb3635ab0fac97f7
SHA1 bc26999f82b97e56aef84fff6b2adacfeccbfb49
SHA256 9aea4a0ab67426a0ca989e62e8a5cd8290cc169fedea5dc6912be3d32144ab0d
SHA512 3a4472f522924f3e9a930438e514d034141732d9c0df76961dfc8ff4d8059ddd89fb89ab85bfabd5ce7493b15d3ecd4ee4b61110be4ce9cc011aac1d7612c938

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Window\qmldir

MD5 94ebe16c3ede17a27d79716cf1b00d3c
SHA1 34f50446b26c05a86018c2fe587d0cecdeb7db29
SHA256 cf518c3574e25f91acaec7ad8831e28c18fccfe15411672ea56809b2eb94077c
SHA512 f19b2326600b902bb124a8c5b07d70ac2e6b6f65a02be9bf7f95b7641e9c44ca3faaf3a409b5e47b4203fcd1fa62eb49ca4f09eee0e95c7806428e58971ade6a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\resources\icudtl.dat

MD5 e0f1ad85c0933ecce2e003a2c59ae726
SHA1 a8539fc5a233558edfa264a34f7af6187c3f0d4f
SHA256 f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
SHA512 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\resources\qtwebengine_resources.pak

MD5 f249e5dd0eaf7ffbcc2843fccce85ef2
SHA1 ab7449a0d3fc68daa29f2cce08263fc290c4b046
SHA256 7e9c3c381c6a1bf31b4fc75c68a9c2f30ca34d9999291ada1d3eaf0b79618d4a
SHA512 be88d39e01828788e5a8b8c436cfc73d2863debf7251b92323d2ca3c02a8737d8edf1c70d24b98a9b11388cb3650129ed46e8134ce3b168a8564e37c3c67e215

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\resources\qtwebengine_resources_100p.pak

MD5 698db9c6537b8d9dec4869a11355af2a
SHA1 0d2450a12e0b3405ae30b3c7f5ad233fd6cbbef2
SHA256 c471280e5c2b50d0089c069954c84b121a70a7c50a2865b061e6c5eda329e634
SHA512 deb7faffb6e3c28616e200d10e18707df229a649c9d16e6db8921c3eec7381aeb977e1308dbd07bbf2c2a839b19de25bb6f8a9ba9d094f1243c3aa2d2ebb3f16

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\resources\v8_context_snapshot.bin

MD5 38a09bcf4160f5b345942462b63c1c7e
SHA1 c4de02fecac708d94096d6e3e16cfac3472781e0
SHA256 3202f8ca18e49da8be573afdfe3ada8b98b351f8c5f1ec08ee92e8f00cd8d9b2
SHA512 1dfc511b0b387db1876989d4faa74bdcfde66714af76379bf768f71252874a6743bb803035a137f87c530d120aa180009215e8ce1020dafbc6f531381e891995

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\swscale-7.dll

MD5 60ee6404315f42cfd111ffda6d30a1a4
SHA1 14aafa75e18202af1a4bf23d526d1738f96c4156
SHA256 331c66b7974abbd85639c63e9ebf63c62858d5b1d8a47ba52c7bc10715aeebe0
SHA512 8a4d858ef96a9cbe311bda94492d6759460f93751a79dfae826fb6b63748626134b11e3f30a37e19b6fff1567556d6a3f51d22211885bfad433f8a4451d2abea

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\tls\qcertonlybackend.dll

MD5 5240566cd1d97774f03c319606396659
SHA1 7715e321e912f413561e0e3e5f6316ba1ea77525
SHA256 9039e7af3cc64ff8d653b71f8bf9a90549ef5f35de6beed23cab336f4e3102fc
SHA512 4958b92c632253fd18c2816a3dc288285e92a96a265766679881efac284a8c49f9d49ad5596206ec374506e4341a9e10f5d66354fc8120f29375ed0feffcfb2e

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\swresample-4.dll

MD5 7eeba1942a05fe865cf997fc90430093
SHA1 b63c26c162b77f80bff2fad565d07b34c8051310
SHA256 baa987629e36f324a77a8922ddbdea7652a3ae8b5eb55a0f03b475facdda8293
SHA512 e466a02df89336002f2f2cabdc1b9f208c150702c5e1b1679d5012fa791631b99443e25867940e5d60e812c64874a5fb2847716e6712ea6743b6ff8a36cb8ea6

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\resources\qtwebengine_resources_200p.pak

MD5 09da93dd890313c6051e3eb31cab562e
SHA1 ca4281451381360393c0abac1029aa4c632b5ce1
SHA256 70418cc40f2078d59972bfd5d182b1169beceec2a828a5b81cf6e77933adf6f4
SHA512 ad00145b99f09ba25ef886ba89e3339c52d09c8080d0d9cf33707f23091e9bc8fde035ba99be291303f727b99cfd798ec3c77644e9ff46c0c6bf64c8d3e91856

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\tls\qopensslbackend.dll

MD5 2ce461340c36cefe018d18bcfa0bc943
SHA1 f4116728002c0d1e1667af27b359ac0d90fdf356
SHA256 d78806f6c92310172e095240b112bc966c60c7a34eaaf3aac8497ba31e6cd95a
SHA512 ca0822cec7e6f49a2d9f8ba889fe28d5309de4b6f25da585f1fb4d10420a815d2817f3e39cd82207fbe68e755ee98a9700c6053d5950e3442d865fe0eb487893

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ar.pak

MD5 3368204e7ff3e30e61651b6872f7a6b7
SHA1 ef64940a8b0d955e4f2c441a967166fa55064137
SHA256 65266af2212453cc9cab96296a516070375924119ec55754f41c8053af3d8048
SHA512 2d0b4948e191a22837ef2dce2db59ccc12aa111ec378de6efa7281e875e98c9c160adb94b4b373e16744b65aad5c85eb1fef0fc7a12d2cb49ddcabdc95dc6d9d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\am.pak

MD5 bc4c700b7c415ad4c92e3bef4ae7c4a8
SHA1 345931d353f78872bd3b516e2252acfd72c534da
SHA256 ee3bcc0a396a18e14e6ac1b4f2310cd6118c7fa9a317e67e273d5e2b8ca01d6d
SHA512 fd0ca4632c6a7c166c226c8f84f3a39448b3e21e7dc1404ba912470eaaafe2c891e435d5b2c3347a7017aa5bf34fb45cb74abaf1bcb8a2a02946681ec49070fc

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\tls\qschannelbackend.dll

MD5 a79fdae77d68c47599a2501224a1bb1a
SHA1 11d3bf27e0e54eab9c8cbba8639e37fd6c2cf647
SHA256 8a25fc4b8d29ee934fac2a26f85f98b82eaa4eb5b0ea924a98bfe597cbe7cd71
SHA512 5c2941da9cbe7973abe90d25b4e5e56a0bf94d67d43c0d5652859f032146461f9db5b0de5580e97abe0de067aa82bf213ae32b98c90ad1ea3cf25d5bef0743b5

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\bg.pak

MD5 fcae54e530f1c0b4cab64328c89e4128
SHA1 bc54613a70daac0cb08dc938ba830a3332bf5656
SHA256 bb6107701d4184539f914a33634ae0300d0a9e2deae979b88a3ece53605c5179
SHA512 00b32d37822a1bb74a8e7fa22157b5034655c4be523df9060961bc81637b554fa78b3033b51253c2be9312e0caf3a0e30d8794d3593e038b24f8adac87f64322

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ca.pak

MD5 dd10c97f6c8153faec769dec63aeed67
SHA1 37fff3ede19be23bc01c4d297372ec2a4f4338bf
SHA256 beec5dbddc73c0d80faa6677298f002c52dad4991deb5f533da8f07cef775be2
SHA512 a387606c54404e2b07db9541d23124a3d8ccdfe6e3f6f27492f5bcaa0fb5be4de59b50b3fb288c5261d02b719e4ec05ec767e53469ae96e6d943a3bf2920f412

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\bn.pak

MD5 e5bfbba7a15e8d989257ab6f4cc65550
SHA1 40726da19598b58271c650311039ab6f7d7f2bb1
SHA256 9d9bd667d75539698c1e1febc4f0d9f37accca2cd0813314fde01df8d130a20a
SHA512 7b26b407d51d27c73e3337e8430ecd5e53f07293edbd3865774f0cd76efd615d4d699bfce6c05ab3d44ecab6fae13c80359f2ea94a08ffc1d822d10033b82ca3

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\da.pak

MD5 18300a43e13aa570e0ddad7205e4c528
SHA1 3a13f35888d22437055347ec0fd8b2e67cfbef28
SHA256 dcf563b44cf1bce09dfb017a8e51da2e5653e834e312e7d9c3a868c4b90b5a7e
SHA512 a1c4d8333461c723bf6ec51622759f9a7f3a89ffe03f63b3223d296ff99ed926d2836c819b5ac4da2cd33eddb8adcabcd15a18d5c9bf41d399da17c9bc65702d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\de.pak

MD5 ef63e015c168179a884821c9db90bfe4
SHA1 2dcab43076d76cd723e6d01e99fc6ac30271eb99
SHA256 4fd6c23374b3bb860a705ab343bea2905cda824953cf2729f2da7c86ef314f99
SHA512 de21ce56b1f47fb42b671167265b8d493f6d0d27cde4bd97e1fe6d86f26ca07208a864b47b0d1ec7a3b2163447791c986e71fda255b1702f2f0f6bc7f50235f8

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\cs.pak

MD5 2fa44a92c2e2304f8180f703e2363d2c
SHA1 73ffa3b6999acba487a76b77e26d52d10a4ff69b
SHA256 6e6e158da321c3914399aabad1bb68f43d907e21c5568c182ac12539ed308672
SHA512 3377284037652bcd9a7cd1b9397e0c7acf084c42c7ef5170cdd92c8e1eb2005b6cdd818abe6b9f24c1cea2c10531c1571c351f331da42d68320267197b1d21d1

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\en-GB.pak

MD5 1d94e3d6893a9f8e54962482186ede36
SHA1 357a64334864a48d72b7d3ac8969c28fab065505
SHA256 525d94f828b967070b72e6043e0b9d1c55364b382be1f040b010b90a41b6a815
SHA512 3be8fc06e379df5d6389547a2d3ca122f367d8092c00e87089b23fffec60e6a4a8b1edc281bd96fbbaf3ff02b77548259d44edc93d7e5af46b0b32ce78f2efd1

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\el.pak

MD5 800026f5d9237f49835886db2c53b295
SHA1 8a957b90218585fefb8c11a7d7fbc1e0dab02cc1
SHA256 b5e5c07f0a8837eee32bdb0954c1bfd5ea48e069a7fb50a97610457bb2d96de8
SHA512 c75df40d4e5be9c56fc3c5d1b6a0c2accf08ff714c62091165ff892655fc8dcfa28f3ce5129adc004b270c04fa3f63188f40320f1f235e90cbc720651b730e3d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\en-US.pak

MD5 f70ea9666c4b2d503da8e0237c46eca8
SHA1 f150561cbdfefb7327b9824fa3a291c792a44d26
SHA256 2ba506930a8da5c3389d0616ada76630dd7f41d5cb8ee850f2406028f015d3db
SHA512 e8e4b03c6b1e5b7c6ae082e372f903bc78f61fac0c2308e7c716b02ff2f8275eace5f541d7ada90b9fc6d33ede29008fdb3e6994fdcbc736a705244d360eab98

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\es.pak

MD5 7d3755aa3480aa469e6172b451ebd0d4
SHA1 f91b913cd06aac123678ccdaadcbb4f0cca4a5da
SHA256 97ed628a013d27736ab03547e5e68e25392e6b47d5b531d4fa8abbf1544a65c6
SHA512 8613d17f6234ab5cc96cbf870e63a6622994b10ab4d135255131ee57b1757b1abdcf26678b978faf49175db183300cbb09613eabac82c6691179479c1bf1bf4d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\es-419.pak

MD5 41a4b6343b952185a4fada57ee9fcbc9
SHA1 e2475227c6f62da6f8a1467b2035f89d9741a132
SHA256 803dd9d993d27ee7ada530046f6933dc5eaf35af1e43cb678b1f82e41375c5a2
SHA512 66824110cff65417d12a46ca3d6c42030038dcf1032aa6dc6062323513eb781778851849f84f37dc0225f951be29bc94534a33f74647910bd4ecabe3edfc44c7

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\fa.pak

MD5 4003031412d00fd89eb2700e6be45b66
SHA1 e903cacbbcaeecf37773f1491db4be0c727462f9
SHA256 9915278c25a19420b400f28859c504e3f82fc8d44046d769e586d6b97deb44c0
SHA512 8e72aaa570652d3f95ec5b963a5fb534826c3b32b0ef88627bd099934ec849516bffa43e3e3cd074eefb53f63ae9c1a9fbc9df533da82f62dd099dea63cd10fa

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\et.pak

MD5 03aab03a3d067c79b8ad078af1aff9f6
SHA1 c5e402fa5b148f09895bfdce750033fe8e5c3e35
SHA256 7b301a55543e15c5255db083b7156a5cbb1bd7669c863376651e7c536a0d3c03
SHA512 3fbbf675a1b26e92625f30a245b92c80ab5cccbe3559e4d79bb81b6bde33f796e82e128bbfebfd29b324cb6a0718edaf4fc53be28648366288375fe615079538

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\fi.pak

MD5 1fe6aff5d58a2e9078125a3eba51310d
SHA1 bcd0b0afa94a51281558abe598ecd6916def3600
SHA256 55fcad7f30965e07a749a79d4e304cb8aff79afc367c6870738b8dbe78ae3ced
SHA512 f6dcaa2890347f05096de8f70e0c657b6c4c8bb1e428f3ed4d31c942f214949745afd5216c44a7f5cfa875825dd41c683f1156583646eeb1efab570ea3ae1dfa

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\fil.pak

MD5 3a9fe4cb75cbf95a747e4a98e9a5134b
SHA1 1a39f169d11ee06ef63c028a7708af81926d7918
SHA256 af5917413713e97363a62aef1909cf7a800f031ca68bbf211cb243032a68b461
SHA512 bd2da49b2b6425708206aa4607a1c40c4da68847becf59ed9092ccf16a79f967c58428d2bf7b198bec0441358ef05141a56549572e206355a3bec7ddc088038a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\fr.pak

MD5 c63cb62bf919064b0b6326a0e598da50
SHA1 b3b09ede4892391fcfe51288e55d9503b8848aa6
SHA256 5b88cebd089e9bca4978cb9df076ed06f97fd5f6d496f6a47ef6d42441726566
SHA512 dd51706d7150367303dba7c99029d5468ecd1d57abdb28c1688b5937700547e14d707440b12f2040b4120cbd0f4c4dec67e99f175761b58c9f14581aa0e0923c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\gu.pak

MD5 e3074b687e6a6deb35bf1400caffb425
SHA1 5e524e883b510a67e05b1ceb082f3661b5890341
SHA256 b558039d718858f3a15ceaf9c2ba5a89282bc5f6f15ede43a1e552fa458114ff
SHA512 489d922276ee9e7f42ca0d003caefd97e62abdb712d678d1cb8e8c756be707a1d07ce080201c6957b529c2b7a9eba26e7d0a5ffe7251051721ba1e44160f8fb0

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\hr.pak

MD5 b556be50b983d7d62a8f44dcb24efea5
SHA1 6c6840dfdf83a69dde3536e8236358c32b6a8535
SHA256 155a03a996003ae7cf7ba22894b0fa479f0fc6a04578baf6a888ff1b2e8473fd
SHA512 4dbe58000c5fe799be609597078535f321e62210dbfb6ec6e9613dfd569e04b16dc305e5a827c6706acafd250fe5c00eae2f24e9784ec304ff5d0446c194f847

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\hi.pak

MD5 248182b1fe577681f70dda64b046e120
SHA1 3c3f2726be0921121486f5dee10886b74cb37556
SHA256 eef6fc72fe85670200ca23656e69804d9d02d9ef3d0c1ccf7d129d71474ef400
SHA512 86365716669d960fb67e96e0ab903e1412a7c5387349b49cdbf8d0ebcaf118c0d99c93df0f166089f32aae2d0b5f2c2e34734506f6558c9a8819729abf7f55e8

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\he.pak

MD5 3d3d2134b30ef1d443e07250229e2678
SHA1 fba103c120d78c07f3000ac7709d3681688809a1
SHA256 4dad9b698b48ad90553bc3c82ce8faca6e4f8264ec6ac5b9e1bf2cd20f2ecce6
SHA512 c806b7f37d87957904c5f0097fa4951874a115f06392857a482ae50af6b19178acf478296a8859d031a71493960e7b807b6a772fac04bf56f88200d93073872a

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\hu.pak

MD5 10f85e5fede463e2486ed890a561bed5
SHA1 bd0113b5573d79119fbb15d053da17fdfb4e2d50
SHA256 2e6795aac09546926d93180082a3e4ef64b08a18ac513d79493ea8fa168e9cc4
SHA512 cac4858b1ba904d893250028afc8a10bd9ffa99c7301efa0448e316585a2a817db1936edfd325c1d6dbca5fa21af0f0a8f4b8ec0c6506df035d8d582688eaf08

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\id.pak

MD5 e1038c2d0ea1eebfd9e25dae192a868d
SHA1 6be7fe8751880e14ed8322f7d29794a8cdbc7467
SHA256 3134fa4e6e3745d206aaff3d8b4fbc289ca29b687ef1d8f16ff22012efb3dfef
SHA512 5dba90a2850b2851314620be62cff5d593a048338cd984731eb4d6e5e77d806296c6e1746b5a7c08be19beca1695ff418d5cc9e1b84fcf5dfbce5e7953a6bdd4

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\it.pak

MD5 84030ab6437d9279b2e93a4e83ab5d56
SHA1 7cde75bf29eeeb84c6226983130e7fad0442f777
SHA256 6f1cd9d09ec1be6033bcb0c2efba08a961214f1d6d7a9844b88e7d612e7a1860
SHA512 86aefece3ac2862144f997ab3e69b9aed98be5ba5e9941baa02600ef63ca7ab9099b6e083f3263d077e4cc014df308ee8231c0268c06ed846f6c59f6f2e6460c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ja.pak

MD5 286a4d7ee7e011a524e8f4c70592d1ff
SHA1 f62452ecbbc5633bca65c6485dbfe9467333c290
SHA256 87831c3227dad088afaf94a2dd03dc66fe14aee7c2e031c7b7798ff4b11b30d7
SHA512 86bc78f53175372dba41be8ac4867f45e2d962eb3dab5798d9a71a22e450f6876d335fe347d07a86621d1560aa0538aa3c2180452f72076983d57d9db48d4c1c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ko.pak

MD5 bd258202d84cb6cd398c38eb444d7c13
SHA1 4b03cd62fd99f107dbac2f600130ab070cdd7e64
SHA256 d1e47481b8775c11c7b4b42fd73c7fca614e16950581e892ea739def6cc9dcbb
SHA512 0a0ea62530b9e8486b8d081057174b0bb6211f5ca4e23f1db4ff7316d252f4c1ab09803c33368b1c068045341d35977b1fd8d6b18efd068928b170d7adfe34c1

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\lv.pak

MD5 84509c858c9da5347db91821960af8e8
SHA1 2e4edff02a0e429a9f4a633cbe3877e5ad7bb38f
SHA256 624c7917250b498c2e643421212989b7dfaec944d06a5a0954568f8e9e90b0b2
SHA512 9aecf65282432c8b7bdb327f373b715a48438fd1730bec5d2e27270810b5ec880b98d13e8f4a0586a420a42b700feed50abd844fa7e3d655bf9f723bebeb8365

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\nb.pak

MD5 bd58803d4cd991cc7b562da68428867b
SHA1 fe36b791388d2a1137ab2377b72272fc8dacec82
SHA256 43fbabc2a7b4ab2dddd00fb511aafa241a9905af40409b7c3f54210b6152302f
SHA512 6f546f39fd47f81e73bc1de8e105882c91b56d32d6517ac115401f173c4c7202d8db9de72bd131526ab54feb3aa3745d8550c2f993dac211b14ee99d71d4801f

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\pt-PT.pak

MD5 c21418f325ad1b9d86b7957b41ecbeef
SHA1 27fef99b33f81f53cbb63c326aa386957db177a8
SHA256 98e2b6e8c3e67da3a2069040330461f0a4b6feb05c6d3981d07b748ac191182e
SHA512 55c340510d92b938d2c696ed5c73ee3d54e9d931cc97ac2f425a83e4a25b2ebf48aadd8a06fd24902365da3ca2376f36c5339d8fd4c099aa3da8cd150a8328fb

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\pt-BR.pak

MD5 fc5c376e32878058c7fb3dd691de3338
SHA1 4791055d548d678c76fdbdd50c412273cf935630
SHA256 e2a95144584d124e754f20c743ea91ed31f96d375bd24df8b0df3c411c6e08b9
SHA512 ebd545258e4c4d1448bed9a94c5e0527df06527717b0f19edf83866673705859dcf13c53af8e5151bf50da024128da28f1d697a51ae4fc4293c9d9e55dae3004

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\pl.pak

MD5 1e6a60b03abd6dc4f8c869dbc774b680
SHA1 f3d02e9d34dd05bec55fb69846342282b32ab405
SHA256 cc4775d2d1a1751cd6ee4de5adc7d4a13b079e7b132898595cb2865e0a57c823
SHA512 54c2d9eabc73ca873314336df35e5c38302dcc78da5194b097cf16c0bcf3b64ef4a9bf7230ea7367b23fa9785d1a2b94bbccdaf0f38eb45b3b4226f32be5a2eb

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ms.pak

MD5 7321194b6267c9cdd0bda30e4203b859
SHA1 86a4f9299ed0ddcf70b44aa65427a752af2dae35
SHA256 47f77f32d6f18d95c15c0e4c04df8ba1a05784c8c671360aaf2db487520ddcf8
SHA512 6a831e9afd3d50c698b1e6ddd18f6ec95bd07bb8d3f4d6cfa9a19b65371a430c5c63adb5276f44d3e9a7c2b4e1502f239ee793ee5035f60f57988685a918c110

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\mr.pak

MD5 69217e4bad9444e0b36b9dec6d13587a
SHA1 21d7c31c656add29346bf61cc5f01b99cac4c24a
SHA256 ec720a494da509c7f6d6581bf83a7194d20a4da8fd260c4cd5590399506fe89a
SHA512 7821f7291cd3fc1fcdd5a92cd189c5238fe2bd0806f58c2e6786b253d4f67924bfa63542511a40d88edc29418fc70db64206edbcaddd5bee0c0978200397123e

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ml.pak

MD5 3f2d7238334e87c1dd28508ae42ce499
SHA1 f368408c86e61a2fd972876f659247dc4f1a2090
SHA256 c182a95c3b75b2bc5795bba0af6badcb2588ba2d84cd68925e75cf5ffc0168da
SHA512 5f0ac10d7fa2e6fdb0d9f8fded6f055febb1a3926013e28db108f8f8a8ab8c24216329f1d4b0e8bfea6da9220294cccdddfab810e60253455e99d52ae26bfd44

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\nl.pak

MD5 a17f9d1ecc10a7da391a2fa71220e123
SHA1 025d8fc0ee1eba270973fa2ad2f10701bbd708b9
SHA256 bf1b04e7fd896333e4e2ffbc411563d5de30e4c241e3f7e0c60548af1310bc1a
SHA512 47079ecc377e85e907ee779a332fe6dd8e66beb39c94dc0643a8b5baa400b97285b42d727ee32efe88fae26ff59e18671974766e9ed9b744bb7df11a3c5e74b9

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\kn.pak

MD5 3638bfec55b3e6146eaacff7edac9976
SHA1 0aac7b431980d1df51170c2ab5e5e960604364df
SHA256 77b514e529b8aba4da86653bbfae0fdf3fc4eee0d84caf40530a23bfa58d790f
SHA512 477410a6ab9db7b74e82e5de5101fcdc13a42fa8c9a9437419fbebe66cadb9b57d61930a3938b53135d90527419f30bcb5381997cfddc2cc51f65b121b5d5482

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\lt.pak

MD5 82c786051cc71dac807c37fca436a91e
SHA1 7c663b0225b90bfb1dac4cc10f950349c0281b89
SHA256 0050421881174da761b3177082de0862eeb1f20165169eb057ee74fcbdf95eee
SHA512 dc8887aeeb5d2f88f5ff01a2b417c7f8d471ec386adeb848f4af2af32c97152eb9bb50f7c78ee9cc216cf64821f761c2a25367e96eb2064e4ce2d00021c7fa4c

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ro.pak

MD5 3f570679307286594588bcad66a13f8c
SHA1 dd3d0a1d51ed81e8620b9625ea5d43ad513d58e4
SHA256 f916fe52080eaccab979a8b527596e7196acde3aa90b1f836801d9f7b90df1fd
SHA512 11eac14c5a26810ecfe9130ddf96732dd567f222499ca4c7a5cc363ba4e29683569e9abf37f4fe695553fece3dd9a97c57a84376340f33ac7b463c03f14a3fa8

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ru.pak

MD5 7cde65967d57746972a785d73223a7f0
SHA1 16bddf07f603fa4281335a9f6c60e543aeefc0de
SHA256 2d4583e3bbe119224a4dbd80ece065a978890d294d0bc1f3948a10c33ea7f06d
SHA512 c4e9a364bb1b36685d03ee7e5f1e847d99fb875151023c7ab2da446ad5d91bb73fe84622cb46da3b544854cda755912262260b445667da1d018f597f52653bf6

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\sk.pak

MD5 097248216acaad35198b979dd2bee4fb
SHA1 d8d51024575138afa55217960a623469a7e65cb4
SHA256 c7609346fc5d8cf34d3f6e6b5fe4366f6eac06731e14e6453b7820f02c21b635
SHA512 777aac33755b874e853f5f2189babd99d0d9408d182e4094f27af26f4d451d8ac3e6efa6892307f90c51df7008394f713d68efd76ef1963b8593c201031b8846

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\sl.pak

MD5 790d7c9113c73b8a0274a1b5a43fd7cb
SHA1 e1ed463fbd33e0731bd0c27acbe6a72841643e23
SHA256 d56f8cc78078bc7904203c078425d7e5ca943509e6ccc87947eb866671e5be7a
SHA512 177903a73763eca159cddd45a7b24b01f8a8867d4edc2befcdfbffc69af8191f6f476b8d6ebe0b0ff330343f005478fd375bb083288635c1849bee01ec12edb9

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\sw.pak

MD5 a76199fc5387610c34c10fe432de8ae6
SHA1 78beef278932682c53755d2ef2ec7bb702920fa5
SHA256 8e37295c46adc0afe92ca7f4a1a2ed52a97e14423d11eb05e8a14b543493195b
SHA512 68990913627bbe34292b65074f24f399c0172282cb6b55a631b2aac1c2b12109135192f8eec22be5e533ebb25a590a69d91caa4c8bf304a2c26e512515610eb2

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\ta.pak

MD5 984e4341b5b8077e4d0c76fdfd14785f
SHA1 2c41c6f0844c8e321120b8bd5808594ca686c03a
SHA256 3683217dba2149b98f418cbe50920561c6dc7d702a85dda98efe8981da669585
SHA512 29823eb9c37d7c26324536a50fc80ee985995be8f0e59b57794c965f3b06b3e8d1fef6253b9afb4c7b8ad89386ebdeceff5920288b8ff7d5a59e626e4c9ea889

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\sv.pak

MD5 bcaa22655669b60765b38521b21da875
SHA1 f34e37dfdb5521ebc332a52baeab8c568722ffc0
SHA256 9ba97cf45ed07f4b8b3304c55bade120fd01f6ef0c2d7685765151c40b2b3acb
SHA512 9e8d7d7d58ee7ef352d850ec14e22f5017c0059c66d7ae7ac7b3ae26a0c5cb7a11b90318e5cf189e2732928f658868fd5e13596369513ae45926e9dc1c0e8ae0

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\sr.pak

MD5 ff5e1f8f679fcf45ace4b095d23841d0
SHA1 dcb7cc4c3afe6a4c9baee3cf7e2c900f530ce3cc
SHA256 b8d0bb2ef02f21acd435e4e969bce77b7b3410263763d2ed76a2fa73120e5e1a
SHA512 fd4940cc1e3106eb73b35ce13a63556e5eae05fe03139dad255472d25d37a223f25fac85e5e45b468383edcb174e3d8bd342574b0a55ddd27bb530a1ca614a2d

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\te.pak

MD5 ca628239fb9568e6badcdb848bf764de
SHA1 c2d6324d2605a9e6186cc7e8dd7e341bd08010eb
SHA256 294f64705018a555ef7d76f82dfd783fd81d2bcd99d521841be0f2d887e4d3b9
SHA512 859d07b604081925f3277d49586af78299313ddda6abe280dcf3f7be4d10a1ac65ab23db61d9babb35850fa48ef27b9aec942b049701cb251bd7c0149dc655f9

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\uk.pak

MD5 42f48e833a462cacf030bb0a0e9f9439
SHA1 31f08d6fec67b2c296ebf2dd2193fb8d4ecaf7f4
SHA256 dee2afb40fa3b7c6788b6d8e3a775953b9b0589a131841ad9b520f580cf92881
SHA512 e24ece15476c9fd77aa84c7139823bce7216fe06e7f8040db94cf46220cbe431dfd634696165950621961bdd045c0365287693b807f54bdfe5f28d56b6365f64

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\zh-CN.pak

MD5 917ab791cb4d24be5f369956cd059e21
SHA1 433a3aeaa06d6066ed55718564f5980e8c6d3ce8
SHA256 331e9240251d1191c599b09230d7ca9f8b11e51e5d94ff8bd63108512c0ddc58
SHA512 969f4662eaec6e3788fcc5823446135657b6816cd2419d8a3839acb07bee629d3c9ef69b2bef48856e16975fe31b7ee5d0d390ce4fd121a700d096348500b2fc

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\vi.pak

MD5 844b68e44ccbaac773f36d442e59a339
SHA1 915354dc412fd0d2a60f99520462720e7796b6c6
SHA256 8b98769b3b97df10ebed4f25a0b115f2e0b059e9adedebb96c444a71e2eadf17
SHA512 2107bf5ee8317c7c7e9b279255df376e53eeba56185071168a8246bfc50aa738329b2886711164eacd877c7f0bc0fda7137f766be03e7fd5d3fc3e93f7df60bf

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\tr.pak

MD5 0b215cb173e45ca6b3c5b117380249c3
SHA1 54713fc7a589a39fa51b0b724e3b79f6af82846c
SHA256 c85fc7d5f699150c5643702e694ba82f94f0e630730441223a214a9d9437242d
SHA512 7a62fdc6e19613192d4d80f7e59aacd8250181f92766603eb92320a1b9391781a7ed4f058094ef5b91aa42cb92a802b37bbcce95ffd67f654d9ff690a513a497

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\th.pak

MD5 3c92d82202b5169d4de9dcee45708772
SHA1 4a7025840bcb20955c655528d23d41c155ba8fc3
SHA256 719d26daf93fb83bd66e97984cc907a55210e0cb0af3a226bec535451d38fdb7
SHA512 94c832de7b33e69ca8606d79ebc6a0b0b37bc61ea5e5be223bd639b9295300a9b1ba2b75860949fa7d452122bdc81f402bb8091035e79d5b2761566432ddeef7

C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\translations\qtwebengine_locales\zh-TW.pak

MD5 ba9709f6d6363aa06a4838ac8344e262
SHA1 3544dd9c7ec8720c3d135b5df32e71f4b1c88983
SHA256 b81e24415243f7470f714379363157f2bd7b2d22e203ec5966878ed4b68140d3
SHA512 9ceb5e9340a3a38507419972754563823f0b3f808b39e17d78d8a18a171231100ed2bc0c677a75da16237219071996702dd7fb8a6a6dec098e69bdad0b3dbf40

C:\Program Files\BlueStacks_nxt\Assets\installer_bg.png

MD5 08d091faf58df0ea8218d7e08140bbeb
SHA1 38ebf2763bd2082635a5971c4302021ecaddc0d1
SHA256 7e5f6998d34d56aeca87f676c12a42c6c4362ae16a753dc567aae00e253b0817
SHA512 5cfede2ea2ade7bbc4b63475af5eb52f78af567fa7096a2ead396056271b8745df4dc6e11e4328151ce59ab74c6c48fd49cd13e30f7f4b86c566757e310fd5e8

C:\ProgramData\BlueStacks_nxt\Client\Assets\menu_help.png

MD5 2e82bd45c7a8b2e216c27a24d42f12a8
SHA1 8ff552358b2d77090a54dad0c12c2757af2ec433
SHA256 e55ef002466578307998045edd5e10577161efd1cf8f1a71768a8046f4c2ee0d
SHA512 d8f44a110bc31d5834b337553baa599c9a127d7335aeddd7e139ba5c7851db006d36ef74d841f10f7fe69e25edffd89a6faea9d3c72eba27bbbade843af440f7

C:\ProgramData\BlueStacks_nxt\Client\Assets\minimize_progress.png

MD5 90d5c0e2977d65b21b430f486114521e
SHA1 cfb48cef2634d4be33210ba54e5b7c5c197530e4
SHA256 aa538477ded33f33e33cb9a21241dacaceaa0c3e5ad8eb1b6830a448262bc998
SHA512 9a3f6690a638a69232335b746a4512ed1c623baa984d87cf4127663c4f85e818a4220564c63b764570e2ade8302989482580af7d9032052335d44b9c98d2d37b

C:\ProgramData\BlueStacks_nxt\Engine\Manager\BstkGlobal.xml.in

MD5 8c11ed64e4cb4e992c891a1685f5e0bd
SHA1 1b125f8aa3f77ab5e23bcf18ff7fd9efa5232bc5
SHA256 4c64d4ad8897d3198cc69c27e54c9ad24aafd70ee2818a4eb3a970f24b7cd535
SHA512 c2eee227704f0940bd46db419e42f15ce0dff3b006753c94005ac4c063fe2a2f0f24833a6674e9bbe570adcb425277a78bbbf398d600017e05357f33661d7c7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 260bcf9fb5b40acb697fcb60d9ee36ec
SHA1 8b0da5c1c041ec062fc8549de60959b3dbe43a85
SHA256 974bfaeea391c21deb0a73e54e749e8c0e4d5340dd0c2229f351aea6e5b3a3e5
SHA512 86db0b5ecbbbf2179774cc3dc4e4bac2cca4113136ef6b202bbe05c5a1a56a9805a97f10e343e02440952ea0c0f456a09f14fdba8f507c8bfa31424d02d6b21a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38bac64cc5e0892ff2a66ea156a8556f
SHA1 a1f95fa5d7f7e7906983cdf8439eb2096f561a3a
SHA256 ea2b054fecb7ed167c5d1735c674479cb72475ac7ec256e5e36eeb2874597795
SHA512 340c5ae4dbf13bfe5d1c348b900ef54cd8b9a64f3119aa56f3f7807c4e6644e1c7f24434ef5e117e74bad42042542ea16750ca0463f3eced8899b19bc3cc023f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83c33a43e36f06ba0b305e101b08456f
SHA1 1702215c18175c5c39cbdadebade9285d275dfdd
SHA256 052d5345628fadd9dc05e032b74538f385e7045facbfe5e8bca3ee48655136e4
SHA512 9992ac6b023670f5a08ae98664957d8a2e9245a9db0323c2531194e0fbe44119481b936d1136c8dc7b4be54478237342ecb5249789076eb5cc87e7de3f8110a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3fc4f80bcb65e167bc384ac1e83d5cac
SHA1 0715314deceb7444fe6ce7413bd9db8864849bda
SHA256 376cd1b09088bf1dc55276bb1351554ff9cfde8b37b425e4bb128e06ba143105
SHA512 e300ea2ada3c0b535a54b62ac2b6cf2119a57ee74ca9bf541e3f53efc5f2ef1f1d58290a4835d4ad9254dad07e3d1d8b8ac0b28765af8942f444c121a013d97d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 126a0a8321c6cf96bdbe7284c99ae194
SHA1 0090fe5d12ff22a10571091c6fabd5bc733fee50
SHA256 2cfdf2f638e50bc0a8b109d6a56a3806b7e5544ce001ded1ca1167e3931cd88f
SHA512 1a356ff46d2e81b2b59c0a1ccf597ccc6c4f60873ad146d85e95f78d4015c45e68563741a7771d221c01d7e3ac4cb78072604564d16ffb7eccd9c6e60d10e643

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfd86157efdd4a9d23dd3208d0576d60
SHA1 1b915c63785aa0825b1ddf36a6f95a73605a12ec
SHA256 60d52bdb6ba3d3c44a256eeb1a4c280006484d6b2f4ec137ac556915e0376873
SHA512 ddb6763774a7a729997de3c7a2a0a5210e553ac053d8966de5b490fd14344bb76cdaf520f691fe6fbf2c652fa9104c8b4e58a8fad20c9b357c2b05020ffc5c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c3b2ebea56f76f39b89c97ad10de1a4a
SHA1 ec90711d18273325c3b650f51bd7b25366e141c8
SHA256 2eca1e89caa968ed0add7be6af8e55d3a08b9f9830b2b09b3f81b501c9e86661
SHA512 ffb59d0507430f6bbe6719acb58727ad707c047f191e06ec35249905f1f9a73700660fd8f081694d105e7670489be88ed777d00c8607fb177f6e9631bb14b097

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c360ad0eb33d2ae2bad73ca67e69cfc9
SHA1 ed5dc776cd03fe47d72e81524e49172f1872b48a
SHA256 4fb330dbbda6d4fbb8b84a70f505f3a5bcae70cf4c835cf95dcdc3b2c60255ad
SHA512 88894670578af8b5a6663abba8ff2287675ef59806c5f8d5a9d9b3a7fc638422f0f78f2184ecfb9221cd54693d5adb5813ada6176924d0ec648224f9df0b1b40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 59f917d2f0b25f3ea0aa64d923ca3983
SHA1 b23e4719736f60bc19ab79d6bf1766e57ac85c5b
SHA256 668c5392ee0bb4da0106a3f0a3607ccff2de14f769a37252a7a61e7cd65e1837
SHA512 7f9729af5c583cd02887d459457d0495a9be3e06fe9001a2eafc11ef33feabaab204225a1133111bf851a6e3df6471ee9f1ee6f412e244c05db97c5babb23eba