Malware Analysis Report

2024-12-07 03:01

Sample ID 241113-xjlq1axdqe
Target BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
SHA256 51200ca054c090a9adb9371cab681a58a11298815cee417ec1f2d9d6eeb5b1f3
Tags
discovery evasion execution persistence phishing privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

51200ca054c090a9adb9371cab681a58a11298815cee417ec1f2d9d6eeb5b1f3

Threat Level: Likely malicious

The file BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence phishing privilege_escalation spyware stealer

Stops running service(s)

A potential corporate email address has been identified in the URL: [email protected]/20241113/auto/storage/goog4_request

Downloads MZ/PE file

Modifies Windows Firewall

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Launches sc.exe

Executes dropped EXE

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

Reads user/profile data of web browsers

Enumerates physical storage devices

Suspicious behavior: RenamesItself

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 18:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:59

Platform

win10v2004-20241007-en

Max time kernel

389s

Max time network

390s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

Signatures

Stops running service(s)

evasion execution

A potential corporate email address has been identified in the URL: [email protected]/20241113/auto/storage/goog4_request

phishing

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\config.json C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\Gallery\next_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\MyGames\pre_enable.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\tr.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Basic\impl\qmldir C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\family\arialbd.ttf C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-environment-l1-1-0.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\imageformats\qicns.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\Qt5Multimedia.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_CloseTips.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\settings\warning.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\libGLESv2.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\access\libattachment_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libyuy2_i420_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\Qt5WebEngineCore.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\web3_on.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\iconengines\qsvgicon.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libhds_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\agora_rtc_sdk.dll C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\boot_logo.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\IconWarning2.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorForward_Disable.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\mini_and.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\web3\logo.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\codec\libcdg_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libcache_read_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_splitter\libwall_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\libEGL.dll C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\www\js\index.js C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpsychedelic_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\ucrtbase.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\HD-Astcdecoder_AVX1.dll C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\to.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_upload_disabled.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\Result_NoResult.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\codec\libschroedinger_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libcache_block_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\Choose_img4.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\banner_default.jpg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarBack.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\Guide\Mask_BG.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libskiptags_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\account\Choose_img3.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarRestore.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\Guide\Computer+Keyboard_BG.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\Search\GooglePlay.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Setting_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qt_hu.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Microsoft.WindowsAPICodePack.dll C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\logo.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_no_downloading.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-ForceGPU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{4606E5DB-7AEA-42F5-99D7-3C338E556225} C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4244 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe
PID 4244 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe
PID 968 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
PID 968 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
PID 968 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
PID 968 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
PID 968 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
PID 968 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe
PID 968 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe
PID 968 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe
PID 968 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe
PID 3016 wrote to memory of 6944 N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe C:\Windows\SysWOW64\WScript.exe
PID 3016 wrote to memory of 6944 N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe C:\Windows\SysWOW64\WScript.exe
PID 3016 wrote to memory of 6944 N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe C:\Windows\SysWOW64\WScript.exe
PID 6944 wrote to memory of 6924 N/A C:\Windows\SysWOW64\WScript.exe C:\Windows\SysWOW64\cmd.exe
PID 6944 wrote to memory of 6924 N/A C:\Windows\SysWOW64\WScript.exe C:\Windows\SysWOW64\cmd.exe
PID 6944 wrote to memory of 6924 N/A C:\Windows\SysWOW64\WScript.exe C:\Windows\SysWOW64\cmd.exe
PID 6924 wrote to memory of 8692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 8876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 6684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 6684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 6924 wrote to memory of 6684 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 968 wrote to memory of 9076 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
PID 968 wrote to memory of 9076 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
PID 968 wrote to memory of 9076 N/A C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
PID 9076 wrote to memory of 6448 N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe
PID 9076 wrote to memory of 6448 N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe
PID 6448 wrote to memory of 6268 N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe
PID 6448 wrote to memory of 6268 N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe
PID 6448 wrote to memory of 6268 N/A C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
PID 1480 wrote to memory of 5356 N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4901C087\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4901C087\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.610.1003_nxt.exe" -s

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c green.bat

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="BlueStacksWeb"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Cloud Game"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"

C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=bae94271-1def-4449-9624-56e60fe82163 -machineID=8ed88036-9c75-4ea6-8b33-7110366caf82 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.610.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS473AE999\BlueStacksInstaller.exe" -versionMachineID=bae94271-1def-4449-9624-56e60fe82163 -machineID=8ed88036-9c75-4ea6-8b33-7110366caf82 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.610.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS473AE999\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"

C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=4008 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b4 0x4ac

C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe

"C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.610.1003_amd64_native.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 1 2

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 4 1

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe" 2 1

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC641473A\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" x "C:\ProgramData\Pie64_5.21.610.1003.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\\HD-GLCheck.exe" 1

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\vayaax2l.iuz\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC641473A\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\vayaax2l.iuz\*"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://now.gg/play/dvloper/4807/granny?source=launcher&utm_medium=bluestacksx&launcher_guid=a6e4c91f-f3dd-440a-b359-a81bec3db952&user_id=&utm_source=now.gg-partner&utm_campaign=BlueStacksXSysBrowser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xf8,0x128,0x7ffcb5df46f8,0x7ffcb5df4708,0x7ffcb5df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14700206159286414680,4442854950488551998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 /prefetch:2

Network


Files


C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

MD5 76166804e6ce35e8a0c92917b8abc071
SHA1 8bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA256 1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA512 93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

MD5 e7fdf6a9c8cae1fc1108dc5a803a1905
SHA1 2853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA256 8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512 a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

MD5 44ecaffec2c9fb702574e2bac050fa62
SHA1 75f95fb73fd5b6d18d907f47031b24edf5208c84
SHA256 ac9cfa3f2290ae4c80bf42fd929cc9d46c45441adab51f79041510b3a2f26e29
SHA512 facb2b07128518518240ded1b114b1698230204c60f9d81aa05700abed487950ab55f1b7b0b895f8951d310408ddd16b4194bb6ac79d18558673516c339f9eb7

C:\Users\Admin\AppData\Local\Temp\7zS473AE999\Assets\exit_close.png

MD5 26eb04b9e0105a7b121ea9c6601bbf2a
SHA1 efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA256 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA512 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

C:\Users\Admin\AppData\Local\Temp\7zS473AE999\Assets\minimize_progress.png

MD5 1504b80f2a6f2d3fefc305da54a2a6c2
SHA1 432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA256 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

memory/968-9036-0x00007FFC9DCD0000-0x00007FFC9E791000-memory.dmp

memory/4244-9079-0x0000000000400000-0x000000000045D000-memory.dmp

C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

MD5 e093c9772ef7c1ad8862b4230ac48700
SHA1 145d5bce1eaa40d8f68213f5e2a4a6ccd4706601
SHA256 28cfa7c94be9ffbf199f5616882cd67a449e0a3401a069c8c2bb7542bc6c7fc1
SHA512 d6a491120d9ecfc2e87e1d929a5fdb2c2843237e214afd05dfaf2d8a55c3e2abf5dbe27cceb8c8fcb8f0cf9247b33ac282b8b967232a1c49d014f1e40db3e560

C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

MD5 f25c89560be3b15d94d7b1ce5fed1a9e
SHA1 4b3dddbe68da1d7d55dd6ba2bd0a2803a22d7fa2
SHA256 e8430fdb0f683223c0cf409402b065c32892b6d4c36625d07ead9b9053e26ec1
SHA512 79bcc036aff086007ffdfb3ca29f2830dcee1d40ec6452e1dab6a8a5100d8252143a5362b8f11871c0f34949c2f2f9044a18fcc9df2fb8aca17ec4ad81dbc8ce

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

memory/1480-19142-0x00000000658A0000-0x00000000658BD000-memory.dmp

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00001e

MD5 72b50e1a0d8eeb7107be5b44275b694b
SHA1 a56c08e0d4f9ae21001fab3484e8534f0d2a6532
SHA256 f756b47760f5affb9fcd83fa5fb2fe2df0ee97b0773d899463cf4021ffa7ed21
SHA512 49479165bcbfb776eafaced6981fa899e5529c68e402d8d40c59f443b1531f4f1a396c711db049fc1dc83b2ff18eacb2b2be429a003c1ebb3d27941ad6dfc434

C:\Users\Admin\AppData\Local\BlueStacks X\Banner\https___cdn.now.gg_apps-content_com.dvloper.granny_videos_desktop_granny.mp4

MD5 3b5f01640a4c163f51140a1a1ad9f193
SHA1 1082d024373b28c5826f41918b601777d9354d45
SHA256 eeceb0e6669be72646b0e9110530b0e817c5b6a8e19b1a7ad6e460f4d14a9c76
SHA512 7f6f94620cfe95c17325620947c3ce9d738d4512c1d07ec34e72bdd0fd54ab31f9c24f9c9c182e366c62effdbb6651d8181651cfc77f472cbc35ac79b16331c5

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

MD5 52fd499fb3fa103526164b4d61e9d1a8
SHA1 4f010e674215a5549fdde181c31cdb705e2447a1
SHA256 5c1e35e4be8aaa2cae6c028d8656d06feaf168ad593a6ce8e316c47016c0c475
SHA512 8abf6210c386e917df01c808aa243d53455951202d6070577b5bf3c220134b20d3b9d2d8d3ef65a1438fe938e6ab4bc6afa9047210f172460bc950a58a8b3701

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity~RFe59c4dd.TMP

MD5 c830b011a34f5648ac98c4958188e632
SHA1 3fe74494cc4eba79a8c3493c9b45094ad9637409
SHA256 455fbd3d80b7197a7ef7e7c7a2c462102b3271c9a6c08961e587407d560cbb7a
SHA512 58c73411fa2073a24bad8798e4fc0891a99ee4e56b3dcfcb605be75fa6ebcad56ecb87a43025e488bff3ccd6c3f95a9627c25a3509ae60bfd7053c45c35b394f

C:\Users\Admin\AppData\Local\BlueStacks X\cache\icons\com.dvloper.granny

MD5 4de3be853b204fcd118fcfb4573e27d1
SHA1 255501783f7a0f544fcd32ba4979da1c438e3cc0
SHA256 2d69c8f09d8ccd9179548744b79558f7a5bd202f8f60678c34823257fc777472
SHA512 4aa4d7ff5a53fae94ecb0f1b0ddb9fde0b48a326b12b2a0eabf437df2f9f9cb49f9851fae91577bb97227c275a8f19c6290d772110078243d1b596516855b38a

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

MD5 afa72e0013a71edf262871eb1e47693e
SHA1 4fbc96b0902a0d62341f7a2d841a0a5c2b0fba6c
SHA256 84c5e02dbfa937439b00d9c652f8720d9b3b7db45be5b26035c81509e8247792
SHA512 d724fd1c4bd6b3298015a6df7466d7170f039b8b87da4ebc8a5d33eccca9c1c28faf945f3963b9fac2c1a86bc6d724cb8034eb0ff406c67d5d6ca85fc401d756

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State~RFe5a5342.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\exit_close_hover.png

MD5 92c2bf222d6ab81fe7a0c072bf31c107
SHA1 8853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256 bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA512 6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\error_icon_72.png

MD5 4aaf83d2b3fd56ad806708e60474df39
SHA1 144777a265879b69fadea3eb3ac6939458918578
SHA256 84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA512 3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\error_icon.png

MD5 dab2c4538a83422b5deae0e0de9b7a30
SHA1 78c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256 666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA512 24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\custom_hover.png

MD5 f3e05f142e742e25a98d4f5af3ae0623
SHA1 88363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256 d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA512 5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\custom_click.png

MD5 ced07c9db242115400e159d9a02bb7b7
SHA1 6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA256 1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512 d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\close_red_hover.png

MD5 5ceab43aa527bc146f9453a1586ddf03
SHA1 88ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA256 7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA512 8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\close_red_click.png

MD5 6db7460b73a6641c7621d0a6203a0a90
SHA1 d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256 d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512 a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\checked_gray_hover.png

MD5 ea22933e94c7ab813b639627f2b38286
SHA1 c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256 d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512 ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\checked_gray.png

MD5 ce144d2aab3bf213af693d4e18f87a59
SHA1 df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256 d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA512 0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\unchecked_gray_hover.png

MD5 62d7f14c26608f8392537d68f43dece1
SHA1 add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256 a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512 e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\setpath_hover.png

MD5 b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1 012b5879e879fa25bf48e4bb62c35ee829eea571
SHA256 2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA512 4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\setpath_click.png

MD5 624e84e9b49bc150043aa9fb0eed2822
SHA1 f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256 c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512 288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\powered_by_bs.png

MD5 7a2e5c21140aa8269c2aafd207f5dbaa
SHA1 4e0d9e7e1b09e67eba10100d73dc51623517821e
SHA256 3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA512 63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\minimize_progress_hover.png

MD5 fc2a0361a751177d3aacdba9c31b2682
SHA1 0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA256 1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512 a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\link.png

MD5 ae2c73ee43d722c327c7fb6fdbee905c
SHA1 96f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA256 28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA512 5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\installer_upgrade_image_bg.jpg

MD5 3bb85d2c8cef28c89a2d07adf931e955
SHA1 596d13e7742455afce8a534382b28cfd2f6aa185
SHA256 b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA512 7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\installer_minimize_hover.png

MD5 18fb6465b029206477d0222e8da6fdf9
SHA1 b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA256 57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512 f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\installer_minimize_click.png

MD5 08fc39a69fa17e0f529915919cea1633
SHA1 2966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA256 2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512 f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Assets\unchecked_gray.png

MD5 e50df2a0768f7fc4c3fe8d784564fea3
SHA1 d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256 671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512 c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.ar-IL.txt

MD5 9fb07e066cc2f213a64d35a97a8c2922
SHA1 a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA256 65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA512 81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.ar-EG.txt

MD5 7dc7a16b5e42818c9249db888ca17075
SHA1 42f6b065b90017078fca7161cc4c26ae530dfbdd
SHA256 e696f4f231acef534d62ec9d99a3f4fc7b74a1c1deb3f9bbbeb4e94194bd9747
SHA512 f2706e0bb348a691d3cdc9d05ff4f71979804628547a41386aab068b008fe4933b8689500b5e45abf6afa6b6f1db3024ade2846659b2664b37b724fac5416a74

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.de-DE.txt

MD5 defbcf66edf5e18b0b13c8062fdfeff8
SHA1 8c807de19b131831b72325455f1bcc3ead0a09cb
SHA256 a9d87275086fd2d700d588f45c3121eb6a75c64a2e6c4a8714a61032403cdb03
SHA512 a30e142679e942932d82fb8179a9f8ca2cd5882577de64e8e4c38eb84c99e359235346c35b6237133159288261b0f6e9032dc6b14f512e2a431f093187e1447a

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.es-ES.txt

MD5 412ce0feb5a656c908775da52043c31d
SHA1 54a35431dc77d66fde2c828f10372142926b4c47
SHA256 7db48c44d717c50011a2fe2d8f5eb0214c817c7eef5bf1f656feb70270a53458
SHA512 2209d911c91d21ceb44a8e9375fefa9b5ea55cb800f49f709a7baaa56d52a94f5711fce850d880394f6ae78d23d0e3f1a5727514b970f940d0b670e2e978a997

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.ja-JP.txt

MD5 cb5797745966bfbded96d28cf53e2f93
SHA1 1cdc380338f076c608a4143cb685e4cab2bee916
SHA256 25fbeecfbeec0b2a8ad45f8b7da31c4eb6fdbe413f46e75f40cd22d874c8f7c3
SHA512 f42ef0a3566f02a4487daf50725c186a0cd8c03850c569eb0cf4134ad2c2004135730ff8f672207bf12837980fe722c4581bb0c6c1eea5dcc9014da5719901b7

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.ko-KR.txt

MD5 299768cf839ca0926344233731549181
SHA1 773aa661c5bbc1a92a41b2f02e59bf1d78b4b142
SHA256 883cf4af6b2124bb70f51d683c7a1f4b3cecccc4ea61163b8c4ea967155ea839
SHA512 0de4317aa9139b415d4d10aba7f64cbfe39f0417e2d19dd8e69ada7d0915a81f71be242caebf5e019a2638d6d0457c042493c80ea0d24c2dd43c18bfe76dd2c2

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.it-IT.txt

MD5 444e991f12d84ad04baf6c8eeccc7a9d
SHA1 f4bec5e01161d6f5cc9107f2cba325cc9b0ef325
SHA256 4b1f6e0fbc834a783ab8230e678bfd1506ae6c18b0ac0a5bef1d8344b5b2531f
SHA512 ff61397322d86f36a225e9be7444c643e2760a556311c97b230583b0b2788208d11f723e500c3d291d55d076b5cb0a52d92b50a8b1fdfe348fd61341b915f855

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.pt-BR.txt

MD5 f7ec10775c6fa5d5ab49531ec7910ed4
SHA1 9d3b8f8474328725097de234a961b32b2e1dc9ba
SHA256 909f5b1bbfd2cc1779dda1bf4f481c1d6ae1e1af3d9902c1518a535962860668
SHA512 d7d8ea4c15d54d9e4a2b75e4962ac9b81a316d23803c64c8925ffe6348b200fe21d445c6a0b0bd1a5b0a7e413bd5f5ad8935ee15cc56485886a5f4b29e51963b

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.pl-PL.txt

MD5 c61810a689ad52145f3b644b3e4b01e9
SHA1 ee7f7229aeea4a0ec6e18805b69d0ff928afbf87
SHA256 c5cdf3696ccd6e3e600483836c81b290e5270984fd7ca12becafedea42cd64e4
SHA512 79dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.id-ID.txt

MD5 08c0671314dc5408b6becb80cc5f1c74
SHA1 415734d91ab34bba578acbfae85d5976090777c8
SHA256 74d906f8e58094fad1006b44298a42fa1253e6b78634de5e53853e6f60869d79
SHA512 1c35bef1a3918f2f2f4d996188490086c3fbf44ad8b7337c2f5a0007a7e5a4efea418b77faad118ae74659f96770c324a8a0f02b4e50d6605f823abab0558098

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.fr-FR.txt

MD5 2625613573f48fa7eaa813d7fc16b63c
SHA1 a57a1cd71dbf2dbabe8bc873839adb2005f54c7b
SHA256 08062a8ae430d89af04c9d090506dd6e380490387eb2909f356a47c01540b271
SHA512 8a443771fbea7708479412c5d6c336e5e74745e097118712fbecc279277ecc2ff693ddc8e576f91c6b61ff658d7a576cd37c5b084d5116bc9606434fbfc4222b

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.ru-RU.txt

MD5 a7748f70870a0f2cf2e5804d05f433fb
SHA1 ee74469bbfa6e5d04043dae2a2cdec1a777c5b28
SHA256 f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34
SHA512 122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.th-TH.txt

MD5 bfb84603722e804e4697a52285b867b2
SHA1 5840e5e93319f981dc0f6df4c7d7be23547f6655
SHA256 98f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d
SHA512 e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.tr-TR.txt

MD5 2ddee14b7986e234a208189d650a2e4d
SHA1 ab60bc9393258e556c7ac20a8d68f632ad44ea6d
SHA256 fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd
SHA512 116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.zh-TW.txt

MD5 3ab7d825111b89950d8ca4b3da1c00c1
SHA1 cdf4ec4344598ca9593665465497d370a35aa178
SHA256 dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce
SHA512 ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.zh-CN.txt

MD5 1eee99faa98b0385fd8077acdf53e81e
SHA1 3191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde
SHA256 7d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5
SHA512 d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Locales\i18n.vi-VN.txt

MD5 2ffe813470cfedf7384207e61dabf1df
SHA1 1673c446a89a41afff299acd0f74b4df65cc29c1
SHA256 e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1
SHA512 3288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c

C:\Users\Admin\AppData\Local\Temp\7zSC641473A\Bootstrapper.exe

MD5 3dc4cc51d67fb0ee1e0f87ec24a62709
SHA1 9678e6d5828930f67e0d9f65430749217e0ffd95
SHA256 780ec6bdaf88878686ef457fb784c436f118bff277a670efc42df2678288ac9c
SHA512 d01e544e166e969caa3af691a4f9572dfc392ea34e10e09355f4e7a966b9c6f1bc2460b5b129495edb17ad59b90cbda710e10579e949c098d604b7bf72d19baf

memory/7108-19534-0x0000000000B00000-0x0000000000B28000-memory.dmp

memory/7108-19535-0x000000001B6B0000-0x000000001B796000-memory.dmp

memory/5700-19536-0x0000000000D50000-0x0000000000DA6000-memory.dmp

memory/5700-19537-0x000000001B920000-0x000000001B9A0000-memory.dmp

C:\Program Files\BlueStacks_nxt\7zr.exe

MD5 fbaba140f30a11e5ff4f97d921de6d45
SHA1 d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA256 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512 cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

MD5 ca0a329097316832e4a6ea5d870c9268
SHA1 4a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA256 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA512 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

MD5 13c2caed112b4c78229ac158db0ee768
SHA1 893e99ca57af1f4f99bc70a6e7f83eeaebf603f2
SHA256 355b138140647c1ae5875595c5ef19d3573bc089d9c86d502908083cf19634dd
SHA512 6ced67cd26240c62c0d0afec77eb73bc0e01f5487f8d992c2cc94060f7c9b0d147cac122a4ef5e50a4fc44918c291d0e222c447337bf49fc2f20fb7da90ff676

C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

MD5 1fae50b83498bfde8ce8b036c62b233f
SHA1 1476d035c4974d16912e5c594351a93b5b47cb01
SHA256 dd3306c3126a1c0cbf01c96bdc0efe98355b1541edaf1bea5f3b4bcce26bb629
SHA512 facc74460b942d6f36bd1355b55dff5c61d7e3809ad8870b49daa52ae50dd46abf2f54f8f20fc9db04d487c01dc378b21403bbaa921527ddf4d2f62a2e48ae85

C:\Program Files\BlueStacks_nxt\ProductLogo.ico

MD5 169706218f98a42594a8c5c5a65771fe
SHA1 b8ded94180212578d86a031eb71ef93dcffe1a26
SHA256 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA512 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

MD5 b09525b48c0023f893d6b64d06add4b1
SHA1 10ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256 caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512 c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

MD5 47ff3e4cc15b8c4a07e3ceb6cb619b62
SHA1 0318e54c613b8ff00f54d843e90ef88310c1a96f
SHA256 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA512 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

MD5 22efccf38e15df945962ac85ac3aa3b7
SHA1 b94a8615dc92982e1637680446896080f97c2564
SHA256 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA512 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

C:\Users\Admin\AppData\Local\Temp\vayaax2l.iuz\BlueStacks-Installer_5.21.610.1003.log

MD5 afb129bd0c904f57cf3f38de3f39863b
SHA1 1b6b1efdedcf65acab437fe5b5c1c945566d6b3b
SHA256 7420f6e3328a8d83cf4372137f4cccfecc03cefc8b870163a293429206a7e73a
SHA512 640d3ceeedbe12105da7d6fa8fff3c59fb30c8dd764dd4fae91890638d60666a6f40fcba9dadcfc294bbec7b903932c3661e5de424cc6d438b02b85e8feec194

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9450868e4dc4d97247c08f233438ba4d
SHA1 76a57ba2dd5837de2b1d90def961e8f3d7610639
SHA256 f76fe5de4a607eaed1c1743800bb39c2c95a9034ce51316caf402c0482634e61
SHA512 868092586a08ef31028dc7f205747c21d71ee7c74d3dc46c946ba9b234b2256d9678d49c248c0340afca238d615bed3ff8184f14f5f1827387d76cabe95cd918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt

MD5 d022774f6f7ae9820f900a5f96a485be
SHA1 1dc8e035f23a4f52f6d51d8d817fba08e06440e9
SHA256 56fd55446d6ba3f30053d371c5e3987850d8cf2c87c56f48fdafb331a92b6af1
SHA512 65109856879235e9717521a9381422c09093c77f0ec5174fd2ffb024e302153cc7eb92a248a0d712dbdf54ce66a105ae7b6c899927bbe946b49561b60eada68f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt~RFe5b3044.TMP

MD5 ff7069bb8ca2a8e88efcef6b1aa0a525
SHA1 e6d45fb48bdd8e3ff1d53d62ec4b5aa7763fe18f
SHA256 95840a31e46add8986ab6bd1899c727e7c27794de8baffacb68bb901b1e2d943
SHA512 fff4dd706261d2dcec2744fc21cf936b691cc02cc2f2511ee5c2f91bfe31018fd94e13f40b68f1c008530de81c3936604f8345393feaa9b8cba7c43341f6111c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt

MD5 bc8f11139ccccc3c03f236851da0f82d
SHA1 2298682aa0ad3125777842ce16b08ef5815e7bc2
SHA256 d50a552f51e3fd9a3410579027d2bc14a52082dfeb52b3267263a9471101ff8b
SHA512 2a93b6d05ed2e4a08c4cc69621c84286292b4930f3b66f1c91f5c12dcd9eb5f07b80b19f46144ffd91e6f79db37237e974eddac89bac705812f33c01d886dc24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 283b2f20ad476c0f9bb1c3bcc7d49829
SHA1 709d6837d2fa735a0aa04bee3bc619e73466b234
SHA256 e66ff776e6d9a20f1054ff85c36891551b3f81c9d2864eb5c14c007b3fb2fa14
SHA512 c344cb83725ecd611fdc558b6c585727d844f44eeec87ec87b4d44647398734c76ca14d58d934ec1cb2a18e9c5093e0bb8909a439361edf6666de82b8dad0edb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 387fcb3e92d9844183f43af1a3ab8d3a
SHA1 e921b4a4d36259c4cef32863b835cc3b0a2b719e
SHA256 9af7b8c5b503d7308dcff2efb9624b8f12862a4d9ead3b29deacfe52d3bacb5f
SHA512 4129fe46bd8fa8ab8f620d25242615cc88e683275384949771a267c83712c6c62c2fcf2e0de4c7df60120574a24354a2c829bd8e8f8680686a162f0637d1aca2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 85f66bd46a155acb6cbdc4adab81fe3c
SHA1 ec1953ce22ecb11312b1d4ba1e11d5063591c905
SHA256 100b8b4fc0c6cb1d151747925be6b98d0d24373d187b8537e6e5dda4f240a115
SHA512 c981a8978a579328368ba0416f85682207023e9f5537db9e9d65528217160017b9f90f43cebe4b670c9e5d91bd135626e4396f7ddd33b0d0bd0a739a1608fbdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69d9edfe2b6273ea6caaed8a2cbf576b
SHA1 c2f58e702899b6870c0cd3c8ae9fee25c9099c24
SHA256 b179ec4c922b5d961d2451130f5b0204c3b0175a2d2adfa855ccec8697f9d387
SHA512 b423316b1c4c169fb38e36eb34c795b8520c97e33f91aed7ad548e317c06c0cf032aa2781172f6c475b05ceaf15ce250a6409222f35700fa17836e92b191cae3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b78e6.TMP

MD5 c5247ca93ed30b8466b25d6f9de80896
SHA1 d624d1c935919828c0b7147d1dff8fe221b3624c
SHA256 325063ed0864742d3774d027c3709b67e21ab21081182e11c2754dac56924b9c
SHA512 3a6710528cd018287cb6a2bb13e6a8701bc2cb0b36b3174f8ce2627fa1c2d197c385ec2a0832b0a397fbdcf9268a53eaf147d724c8b3aea8ad7a6a19779e434b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f55450f388cbad8118e970d978c5b065
SHA1 3909623d91a05023e5fb68623ff1a924c5aa51c7
SHA256 8a41152f19bd3980c08546b492666c28279d5183927efb2ed153643da3f773b3

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-13 18:53

Reported: 2024-11-13 18:55

Platform: win11-20241007-en

Max time kernel: 104s

Max time network: 106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4148 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe
PID 4148 wrote to memory of 3248 N/A C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe
PID 3248 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
PID 3248 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
PID 3248 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
PID 3248 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
PID 3248 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe
PID 3248 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.41.610.1001_native_605187118d446b65e9fbb811ffab78dc_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe" --cmd checkSSE4

Network

Country Destination Domain Proto
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 181.86.160.34.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\change_hover.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe

C:\Users\Admin\AppData\Local\Temp\7zS43024087\BlueStacksInstaller.exe.config

C:\Users\Admin\AppData\Local\Temp\7zS43024087\JSON.dll

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Locales\i18n.en-US.txt

C:\Users\Admin\AppData\Local\Temp\7zS43024087\HD-CheckCpu.exe

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\loader.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\ThemeFile

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\installer_minimize.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\close_red.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\installer_logo.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\setpath.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\backicon.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\custom.png

C:\Users\Admin\AppData\Local\Temp\7zS43024087\Assets\installer_bg.jpg