Analysis Overview
SHA256
51200ca054c090a9adb9371cab681a58a11298815cee417ec1f2d9d6eeb5b1f3
Threat Level: Likely malicious
The file BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe was found to be: Likely malicious.
Malicious Activity Summary
Stops running service(s)
A potential corporate email address has been identified in the URL: [email protected]/20241113/auto/storage/goog4_request
Downloads MZ/PE file
Modifies Windows Firewall
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Launches sc.exe
Executes dropped EXE
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Reads user/profile data of web browsers
Enumerates physical storage devices
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Modifies system certificate store
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-13 18:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 18:53
Reported
2024-11-13 18:59
Platform
win10v2004-20241007-en
Max time kernel
389s
Max time network
390s
Command Line
Signatures
Stops running service(s)
A potential corporate email address has been identified in the URL: [email protected]/20241113/auto/storage/goog4_request
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\config.json | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\Gallery\next_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\MyGames\pre_enable.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\tr.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Basic\impl\qmldir | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\family\arialbd.ttf | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-environment-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\imageformats\qicns.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\Qt5Multimedia.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_CloseTips.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\settings\warning.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\libGLESv2.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\access\libattachment_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libyuy2_i420_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\Qt5WebEngineCore.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\web3_on.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\iconengines\qsvgicon.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libhds_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\agora_rtc_sdk.dll | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\boot_logo.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\IconWarning2.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorForward_Disable.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Search\mini_and.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\web3\logo.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\codec\libcdg_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libcache_read_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_splitter\libwall_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\www\js\index.js | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpsychedelic_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\ucrtbase.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\HD-Astcdecoder_AVX1.dll | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\to.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_upload_disabled.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Search\Result_NoResult.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\codec\libschroedinger_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libcache_block_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\Choose_img4.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\banner_default.jpg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarBack.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Guide\Mask_BG.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libskiptags_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\account\Choose_img3.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarRestore.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\Guide\Computer+Keyboard_BG.png | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\Search\GooglePlay.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Setting_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qt_hu.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\Microsoft.WindowsAPICodePack.dll | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\account\logo.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_no_downloading.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Loads dropped DLL
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{4606E5DB-7AEA-42F5-99D7-3C338E556225} | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler" | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe" --cmd checkSSE4
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe" -s
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c green.bat
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="BlueStacksWeb"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Cloud Game"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=bae94271-1def-4449-9624-56e60fe82163 -machineID=8ed88036-9c75-4ea6-8b33-7110366caf82 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.610.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled
C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe" -versionMachineID=bae94271-1def-4449-9624-56e60fe82163 -machineID=8ed88036-9c75-4ea6-8b33-7110366caf82 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.610.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled
C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe
"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"
C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=4008 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x4ac
C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe
"C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe"
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\" -aoa
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\" -aoa
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-ForceGPU.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 1 2
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 4 2
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 2 2
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 1 1
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 4 1
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 2 1
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe" --cmd checkSSE4
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\ProgramData\Pie64_5.21.610.1003.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\\HD-GLCheck.exe" 2
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\\HD-GLCheck.exe" 3
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\\HD-GLCheck.exe" 1
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe" --cmd checkSSE3
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
C:\Windows\system32\sc.exe
sc.exe delete BlueStacksDrv_nxt
C:\Windows\SYSTEM32\reg.exe
"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\vayaax2l.iuz\RegHKLM.txt"
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\vayaax2l.iuz\*"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://now.gg/play/dvloper/4807/granny?source=launcher&utm_medium=bluestacksx&launcher_guid=a6e4c91f-f3dd-440a-b359-a81bec3db952&user_id=&utm_source=now.gg-partner&utm_campaign=BlueStacksXSysBrowser
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xf8,0x128,0x7ffcb5df46f8,0x7ffcb5df4708,0x7ffcb5df4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| FR | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | u.kueezrtb.com | udp |
| US | 8.8.8.8:53 | otrack.kueezrtb.com | udp |
| DE | 3.68.171.69:443 | api.cmp.inmobi.com | tcp |
| DE | 3.68.171.69:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | production-raven.infra.aditude.cloud | udp |
| FR | 13.32.145.19:443 | production-raven.infra.aditude.cloud | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| FR | 52.84.174.6:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | sync.kueezrtb.com | udp |
| US | 206.189.179.251:443 | sync.kueezrtb.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 104.22.60.119:443 | raven-static.aditude.io | tcp |
| US | 8.8.8.8:53 | 69.171.68.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.174.84.52.in-addr.arpa | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| GB | 104.78.175.230:443 | secure.cdn.fastclick.net | tcp |
| FR | 18.155.129.34:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | cloud-api.bluestacks.cn | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| US | 47.88.31.190:443 | cloud-api.bluestacks.cn | tcp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 251.179.189.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.175.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.31.88.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 172.64.154.78:443 | static.vidazoo.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| IE | 52.18.153.131:443 | bcp.crwdcntrl.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | wserver.vidazoo.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 104.248.60.169:443 | wserver.vidazoo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.153.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.60.248.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bis5.vidazoo.com | udp |
| US | 192.241.132.52:443 | bis5.vidazoo.com | tcp |
| US | 8.8.8.8:53 | 52.132.241.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | event-ingestor.judy.pnap.aditude.cloud | udp |
| US | 131.153.232.245:443 | event-ingestor.judy.pnap.aditude.cloud | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 245.232.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | now.gg | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.170:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.193:443 | ag.gbc.criteo.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.39.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files
| SHA512 | 79dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393 |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.id-ID.txt
| MD5 | 08c0671314dc5408b6becb80cc5f1c74 |
| SHA1 | 415734d91ab34bba578acbfae85d5976090777c8 |
| SHA256 | 74d906f8e58094fad1006b44298a42fa1253e6b78634de5e53853e6f60869d79 |
| SHA512 | 1c35bef1a3918f2f2f4d996188490086c3fbf44ad8b7337c2f5a0007a7e5a4efea418b77faad118ae74659f96770c324a8a0f02b4e50d6605f823abab0558098 |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.fr-FR.txt
| MD5 | 2625613573f48fa7eaa813d7fc16b63c |
| SHA1 | a57a1cd71dbf2dbabe8bc873839adb2005f54c7b |
| SHA256 | 08062a8ae430d89af04c9d090506dd6e380490387eb2909f356a47c01540b271 |
| SHA512 | 8a443771fbea7708479412c5d6c336e5e74745e097118712fbecc279277ecc2ff693ddc8e576f91c6b61ff658d7a576cd37c5b084d5116bc9606434fbfc4222b |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.ru-RU.txt
| MD5 | a7748f70870a0f2cf2e5804d05f433fb |
| SHA1 | ee74469bbfa6e5d04043dae2a2cdec1a777c5b28 |
| SHA256 | f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34 |
| SHA512 | 122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075 |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.th-TH.txt
| MD5 | bfb84603722e804e4697a52285b867b2 |
| SHA1 | 5840e5e93319f981dc0f6df4c7d7be23547f6655 |
| SHA256 | 98f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d |
| SHA512 | e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5 |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.tr-TR.txt
| MD5 | 2ddee14b7986e234a208189d650a2e4d |
| SHA1 | ab60bc9393258e556c7ac20a8d68f632ad44ea6d |
| SHA256 | fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd |
| SHA512 | 116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.zh-TW.txt
| MD5 | 3ab7d825111b89950d8ca4b3da1c00c1 |
| SHA1 | cdf4ec4344598ca9593665465497d370a35aa178 |
| SHA256 | dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce |
| SHA512 | ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09 |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.zh-CN.txt
| MD5 | 1eee99faa98b0385fd8077acdf53e81e |
| SHA1 | 3191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde |
| SHA256 | 7d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5 |
| SHA512 | d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691 |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.vi-VN.txt
| MD5 | 2ffe813470cfedf7384207e61dabf1df |
| SHA1 | 1673c446a89a41afff299acd0f74b4df65cc29c1 |
| SHA256 | e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1 |
| SHA512 | 3288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c |
C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe
| MD5 | 3dc4cc51d67fb0ee1e0f87ec24a62709 |
| SHA1 | 9678e6d5828930f67e0d9f65430749217e0ffd95 |
| SHA256 | 780ec6bdaf88878686ef457fb784c436f118bff277a670efc42df2678288ac9c |
| SHA512 | d01e544e166e969caa3af691a4f9572dfc392ea34e10e09355f4e7a966b9c6f1bc2460b5b129495edb17ad59b90cbda710e10579e949c098d604b7bf72d19baf |
memory/7108-19534-0x0000000000B00000-0x0000000000B28000-memory.dmp
memory/7108-19535-0x000000001B6B0000-0x000000001B796000-memory.dmp
memory/5700-19536-0x0000000000D50000-0x0000000000DA6000-memory.dmp
memory/5700-19537-0x000000001B920000-0x000000001B9A0000-memory.dmp
C:\Program Files\BlueStacks_nxt\7zr.exe
| MD5 | fbaba140f30a11e5ff4f97d921de6d45 |
| SHA1 | d12360b79d9fe7ddc5380a22539dc7d4768ff5f3 |
| SHA256 | 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16 |
| SHA512 | cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5 |
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config
| MD5 | ca0a329097316832e4a6ea5d870c9268 |
| SHA1 | 4a36b93361d3dc9df9b00313f2c2b394be9e1e72 |
| SHA256 | 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2 |
| SHA512 | 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271 |
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe
| MD5 | 13c2caed112b4c78229ac158db0ee768 |
| SHA1 | 893e99ca57af1f4f99bc70a6e7f83eeaebf603f2 |
| SHA256 | 355b138140647c1ae5875595c5ef19d3573bc089d9c86d502908083cf19634dd |
| SHA512 | 6ced67cd26240c62c0d0afec77eb73bc0e01f5487f8d992c2cc94060f7c9b0d147cac122a4ef5e50a4fc44918c291d0e222c447337bf49fc2f20fb7da90ff676 |
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe
| MD5 | 1fae50b83498bfde8ce8b036c62b233f |
| SHA1 | 1476d035c4974d16912e5c594351a93b5b47cb01 |
| SHA256 | dd3306c3126a1c0cbf01c96bdc0efe98355b1541edaf1bea5f3b4bcce26bb629 |
| SHA512 | facc74460b942d6f36bd1355b55dff5c61d7e3809ad8870b49daa52ae50dd46abf2f54f8f20fc9db04d487c01dc378b21403bbaa921527ddf4d2f62a2e48ae85 |
C:\Program Files\BlueStacks_nxt\ProductLogo.ico
| MD5 | 169706218f98a42594a8c5c5a65771fe |
| SHA1 | b8ded94180212578d86a031eb71ef93dcffe1a26 |
| SHA256 | 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697 |
| SHA512 | 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448 |
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png
| MD5 | b09525b48c0023f893d6b64d06add4b1 |
| SHA1 | 10ecd439ea04e02eefe17f6c110d0c0a78a1db21 |
| SHA256 | caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e |
| SHA512 | c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f |
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png
| MD5 | 47ff3e4cc15b8c4a07e3ceb6cb619b62 |
| SHA1 | 0318e54c613b8ff00f54d843e90ef88310c1a96f |
| SHA256 | 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a |
| SHA512 | 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e |
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png
| MD5 | 22efccf38e15df945962ac85ac3aa3b7 |
| SHA1 | b94a8615dc92982e1637680446896080f97c2564 |
| SHA256 | 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92 |
| SHA512 | 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee |
C:\Users\Admin\AppData\Local\Temp\vayaax2l.iuz\BlueStacks-Installer_5.21.610.1003.log
| MD5 | afb129bd0c904f57cf3f38de3f39863b |
| SHA1 | 1b6b1efdedcf65acab437fe5b5c1c945566d6b3b |
| SHA256 | 7420f6e3328a8d83cf4372137f4cccfecc03cefc8b870163a293429206a7e73a |
| SHA512 | 640d3ceeedbe12105da7d6fa8fff3c59fb30c8dd764dd4fae91890638d60666a6f40fcba9dadcfc294bbec7b903932c3661e5de424cc6d438b02b85e8feec194 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9450868e4dc4d97247c08f233438ba4d |
| SHA1 | 76a57ba2dd5837de2b1d90def961e8f3d7610639 |
| SHA256 | f76fe5de4a607eaed1c1743800bb39c2c95a9034ce51316caf402c0482634e61 |
| SHA512 | 868092586a08ef31028dc7f205747c21d71ee7c74d3dc46c946ba9b234b2256d9678d49c248c0340afca238d615bed3ff8184f14f5f1827387d76cabe95cd918 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt
| MD5 | d022774f6f7ae9820f900a5f96a485be |
| SHA1 | 1dc8e035f23a4f52f6d51d8d817fba08e06440e9 |
| SHA256 | 56fd55446d6ba3f30053d371c5e3987850d8cf2c87c56f48fdafb331a92b6af1 |
| SHA512 | 65109856879235e9717521a9381422c09093c77f0ec5174fd2ffb024e302153cc7eb92a248a0d712dbdf54ce66a105ae7b6c899927bbe946b49561b60eada68f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt~RFe5b3044.TMP
| MD5 | ff7069bb8ca2a8e88efcef6b1aa0a525 |
| SHA1 | e6d45fb48bdd8e3ff1d53d62ec4b5aa7763fe18f |
| SHA256 | 95840a31e46add8986ab6bd1899c727e7c27794de8baffacb68bb901b1e2d943 |
| SHA512 | fff4dd706261d2dcec2744fc21cf936b691cc02cc2f2511ee5c2f91bfe31018fd94e13f40b68f1c008530de81c3936604f8345393feaa9b8cba7c43341f6111c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt
| MD5 | bc8f11139ccccc3c03f236851da0f82d |
| SHA1 | 2298682aa0ad3125777842ce16b08ef5815e7bc2 |
| SHA256 | d50a552f51e3fd9a3410579027d2bc14a52082dfeb52b3267263a9471101ff8b |
| SHA512 | 2a93b6d05ed2e4a08c4cc69621c84286292b4930f3b66f1c91f5c12dcd9eb5f07b80b19f46144ffd91e6f79db37237e974eddac89bac705812f33c01d886dc24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 283b2f20ad476c0f9bb1c3bcc7d49829 |
| SHA1 | 709d6837d2fa735a0aa04bee3bc619e73466b234 |
| SHA256 | e66ff776e6d9a20f1054ff85c36891551b3f81c9d2864eb5c14c007b3fb2fa14 |
| SHA512 | c344cb83725ecd611fdc558b6c585727d844f44eeec87ec87b4d44647398734c76ca14d58d934ec1cb2a18e9c5093e0bb8909a439361edf6666de82b8dad0edb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 387fcb3e92d9844183f43af1a3ab8d3a |
| SHA1 | e921b4a4d36259c4cef32863b835cc3b0a2b719e |
| SHA256 | 9af7b8c5b503d7308dcff2efb9624b8f12862a4d9ead3b29deacfe52d3bacb5f |
| SHA512 | 4129fe46bd8fa8ab8f620d25242615cc88e683275384949771a267c83712c6c62c2fcf2e0de4c7df60120574a24354a2c829bd8e8f8680686a162f0637d1aca2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 85f66bd46a155acb6cbdc4adab81fe3c |
| SHA1 | ec1953ce22ecb11312b1d4ba1e11d5063591c905 |
| SHA256 | 100b8b4fc0c6cb1d151747925be6b98d0d24373d187b8537e6e5dda4f240a115 |
| SHA512 | c981a8978a579328368ba0416f85682207023e9f5537db9e9d65528217160017b9f90f43cebe4b670c9e5d91bd135626e4396f7ddd33b0d0bd0a739a1608fbdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 69d9edfe2b6273ea6caaed8a2cbf576b |
| SHA1 | c2f58e702899b6870c0cd3c8ae9fee25c9099c24 |
| SHA256 | b179ec4c922b5d961d2451130f5b0204c3b0175a2d2adfa855ccec8697f9d387 |
| SHA512 | b423316b1c4c169fb38e36eb34c795b8520c97e33f91aed7ad548e317c06c0cf032aa2781172f6c475b05ceaf15ce250a6409222f35700fa17836e92b191cae3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b78e6.TMP
| MD5 | c5247ca93ed30b8466b25d6f9de80896 |
| SHA1 | d624d1c935919828c0b7147d1dff8fe221b3624c |
| SHA256 | 325063ed0864742d3774d027c3709b67e21ab21081182e11c2754dac56924b9c |
| SHA512 | 3a6710528cd018287cb6a2bb13e6a8701bc2cb0b36b3174f8ce2627fa1c2d197c385ec2a0832b0a397fbdcf9268a53eaf147d724c8b3aea8ad7a6a19779e434b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f55450f388cbad8118e970d978c5b065 |
| SHA1 | 3909623d91a05023e5fb68623ff1a924c5aa51c7 |
| SHA256 | 8a41152f19bd3980c08546b492666c28279d5183927efb2ed153643da3f773b3 |
| SHA512 | e6a153c3b8c519fbd89efbef4c46434c8911839700c21ceab965ca85a18d7d85542b9b43c767132b66c273791b4c72638b3c2f66662f84b36fb6b6ae2478312c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 64e883c0faaa7f625c3e7df0995030a7 |
| SHA1 | 725be19fd12606ebddc79c790bff03341dcc2e5d |
| SHA256 | 0f79133a0f1a6704f1cb6c2bb4a760c16508a90ad1d6940243a09b6c69ac9122 |
| SHA512 | 7df26bdd5c580576db4647091d24423ae6b02aea1ecdcfceba2ef78233759868a04b2454e79f6f9867f1bc8663dd2b15d0448c0cc9daf4e666863c74d72020c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b7be3.TMP
| MD5 | b290a332c9af0a6afcbefc876d743da3 |
| SHA1 | 4a953e4334e1313d8ebea0fd74c0ce290ccbac7c |
| SHA256 | 9b9b11aaf420b80694194dae112526b52116df2d48891f8c6a0d12170bb72bc3 |
| SHA512 | 6b2ff7746df8a2692c69137496336bb4e5620623196f372483f0ba4aae2b75df1c602db361fab573096947c5fd2ec3a8328d54cbc1aa403d3a6d20fe8af979bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 22eac8c823432189c6365c8c64306dc5 |
| SHA1 | c2355577b14f19088d7c751f12980514bda225dd |
| SHA256 | ec5c0531801fdf0a79a9cd9c4393fc4445f947cc0603fdda3e02f3a638fefa8f |
| SHA512 | adc8bee8a40b7c59f6a3c7440191f590841a411e688f7315d923c750379caa7fdddbbfdbeb9152e61d242420c5369685e50784604c7f346c48cedfd2f96ab94f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\a970801d-52bd-4b19-930f-6a915408ebfa\index-dir\the-real-index~RFe5b8a0c.TMP
| MD5 | fd00bce571f882634e666e644f8574b2 |
| SHA1 | fc79db932ad83018f84d5bc3b7e22e2282b439fe |
| SHA256 | 6f2f6f36905040bc241054c8ad8d62a9a92061607fbb7b91961a3d880377ba67 |
| SHA512 | 7334b8cc58d2342116a67105f1b63e3017e12e96032aed8f0a793a788d5b24ea889f546a305864fd66457313fc6d03050bc02fe3502add622d90eacc4b0cf30a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\a970801d-52bd-4b19-930f-6a915408ebfa\index-dir\the-real-index
| MD5 | c8059f87c15c65f0f4386d1dc274baa3 |
| SHA1 | 90ccf42978a2be07d84b43bb6f68fa8039648b5a |
| SHA256 | 680047a486d57ae5b1c4cb78c98601ef9873bde2c013886619ce4ca33929cb1e |
| SHA512 | c022c4f8cc331bc8293fa26f83962a2094ba95ec5986caf4c712b7202a5edabaf8d02d3e1f795a3df094c34a24f1bb33b8f352edbf01b30a57126e0739c0a261 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\66dbe089-e20f-48ef-996b-74ae3f3020e1\index-dir\the-real-index
| MD5 | f3e0f87eefd867aec7beb2e7b6500207 |
| SHA1 | 6114b3173d7d7a5d2a8fa326120ab5446fdc24aa |
| SHA256 | 66380d6052249f872677e546b50e25e4d3525c9e0c625e9b958fec28181f1d5f |
| SHA512 | 6ed537a4aa2a182c6674ca1bfe0a8c995394d224607b9e83aff211ec18d2adbb0a9a922e5a92959418a584802a2913974fcd78b5425a8eb8e99925c37a168678 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\66dbe089-e20f-48ef-996b-74ae3f3020e1\index-dir\the-real-index~RFe5b8b64.TMP
| MD5 | 5d6a6612a9a2b638e873b7a08d22e693 |
| SHA1 | 0b6658a43889b258d6001f4795e9a99f93023418 |
| SHA256 | 84be89f269c2fa980bfeef07bf63ac6348510b51c7aae621e719e1aed88239aa |
| SHA512 | 5a501bb41fa966bfecac03b467fe6ab49863f557ae772e084fcbd29deba69c70e9db26c6455531f64ef9ac5100d623daa8683a8824543c5debe4c0eaea2d47af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\a3935f12-356e-4757-b6c3-0a6911681773\index-dir\the-real-index~RFe5b8c3f.TMP
| MD5 | 6b4b2cf1abd009a9401bf95a881ba77e |
| SHA1 | 7786d83657abae9562b47bd2190a747d8d5ea331 |
| SHA256 | ceaa4cfb494a35b81f911251419a8b4d6916ee205efa42f641c86446cd329667 |
| SHA512 | 4fad09448c744e6fcf28a263ceaa4f1067fdf1660bf5469931e6ac0a1a0fae3e9d2ca4cf8690aa7796ba07979059040cfddbb710834a308ccdd3ebf0eeb17740 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\a3935f12-356e-4757-b6c3-0a6911681773\index-dir\the-real-index
| MD5 | b75bdd2d9d8d384365b1124b0a0de038 |
| SHA1 | d6f05c0cb1f7f25c0a3bf88692e8cf57c0c7b2b8 |
| SHA256 | 2abd58fb68e0f7b0e69155f521e085a3726649ab8e9116747e7ea7f4ed0f481a |
| SHA512 | 5c729a7d128771c4f90fa94efbdddebb04eef807928adde7e5ef83b398fb8a6b8a34733e603174c3d08501c3a252b10110f413a76cd9f9e9608a15aae10022e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt
| MD5 | bf17a4d5f1c9597c5fe7bacf43812caa |
| SHA1 | e7acecbb026b22c0f1ca767d5097515a69bf9aaf |
| SHA256 | da78ce7109aabac0fab39704d30296a68a63ac33a2403829867e235148632ce0 |
| SHA512 | 23a9f5442efbf2200266b9050df3ba77b51dbe03ee42cf1c4e34af824bb50651207f595f9b6742c2c5f53beb8ee4d2c48bad714dd4616397857f65ebdccb3ca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 50e8a0bf08882265e990da01d124f551 |
| SHA1 | da790f9747a6ea4d178ebd968ce359e0fd864b75 |
| SHA256 | dcddd5028a4d5c7c73bd890c77a58a1bf0174394fbfa3967d52512576f113fab |
| SHA512 | c9e2f9fe37e138392d88eb1f69c7bcbdb60888d35a7fa31eae4ef810fe67a815ef6334d14c95c9747704f6567ef4daba359664e13d84f60fece31b41b16209f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 759bb064edbe28d71e4c46cf5465152f |
| SHA1 | b75dd42651c5f712efefa5fa9010e36c0f95a730 |
| SHA256 | 7578b3ec047b16ab8882a728d32b73e2da48b681b0c23836f5091f122c7cd7d7 |
| SHA512 | 219b80193525740ff492bc557f779a75d7c960eb026564a61ad53f66ee2923a29cfbdb9b9b53132bc2750b3e59fdf884a82b93395333f7f62978933046c8dec3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ba8f507dbb57b6305091fb6c1b612719 |
| SHA1 | 770bd0c6be22c45ad00699d197033794f2ed9c47 |
| SHA256 | c8083d42542a1ee20e081ffa6e23eef3516c7b6ebdaab898deda844769dbb1f8 |
| SHA512 | 76fdef2e49ac0b900a61d11dd2940adc694661a210468e588fc66495cfec8fe84d3942ef0d52b48cdf665403b9c1eedabadd10bb7585d56f39aa8b949c86ee1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | deb789fbb39ad62904bf223c85fdef27 |
| SHA1 | ca3e5252364c4834cfde3a42a1482f1e3a24707a |
| SHA256 | 21b108987fd1897a1381fa787a0b7476d30ddf93410e2caa9d994b05ca9ebc11 |
| SHA512 | ffa880dd8b29fe50f5912abb01e5d23653cd52728a3b0cabba1ba110b7e29b32e8f9b7a0dfc6c3456df2f530a37fa88134342f34a6b64b77ff2c1eb9d2021081 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fe839b9b31b8a55fafed433f4081e827 |
| SHA1 | bfbc743b550715a0b665f8b240efd30b260a643e |
| SHA256 | 3bb5e5cd4aa58525399eb9b52d2bdcd13dbbd60ec7b0feab8edaf019defe46d8 |
| SHA512 | 00a909e4efaa7ac7c3b9f2e95ab0baa8d9f34a2caf90706cba48035116e0707ca9bc2186c58554a335f9c701460646b40bb16691ebe6cbcba6e55a0be2bef67d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9db5994-2cc7-4c31-a1ad-1cb1f775ed3f.tmp
| MD5 | 535d229a5ccd0301dee3274791a3d737 |
| SHA1 | ebffd16cd7ba9d6574551ed1577488dad939a120 |
| SHA256 | af3189d4f35fdba677024ce75605185d896757f6a4790280630e67080b82afca |
| SHA512 | d88d69c2b4ee51d47632adf3a1c1b8c08d43193b1ecbdf91c2eb9c3ab132aff7fb26f05969d0298d77cda6d9a4ce725815e7e4495ec0dddb81227ba010bf07e9 |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-11-13 18:53 |
| Reported | 2024-11-13 18:55 |
| Platform | win11-20241007-en |
| Max time kernel | 104s |
| Max time network | 106s |
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"
C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe" --cmd checkSSE4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | 181.86.160.34.in-addr.arpa | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
Files