hxxp://google[.]com

Resubmissions

24/12/2024, 23:24

241224-3dqewszqfs 8

24/12/2024, 23:07

241224-24c2taznbx 8

Analysis

max time kernel
900s
max time network
900s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
24/12/2024, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

steam defense_evasion discovery evasion execution persistence phishing privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 8 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3252	netsh.exe
4632	netsh.exe
8520	netsh.exe
1176	netsh.exe
9120	netsh.exe
8908	netsh.exe
8176	netsh.exe
1204	netsh.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002
A potential corporate email address has been identified in the URL: [email protected]/20241224/auto/storage/goog4_request
phishing
A potential corporate email address has been identified in the URL: cdn@master
phishing
A potential corporate email address has been identified in the URL: swiper@9
phishing

Executes dropped EXE 38 IoCs

pid	Process
1864	BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
812	BlueStacksInstaller.exe
1804	HD-CheckCpu.exe
3584	HD-CheckCpu.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
8728	BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
5456	Bootstrapper.exe
5516	BlueStacksInstaller.exe
5624	7zr.exe
5812	7zr.exe
6288	BlueStacksServicesSetup.exe
10120	HD-ForceGPU.exe
9232	HD-GLCheck.exe
9512	HD-GLCheck.exe
9824	HD-GLCheck.exe
10220	HD-GLCheck.exe
7400	HD-GLCheck.exe
7460	HD-GLCheck.exe
7516	HD-CheckCpu.exe
7556	7zr.exe
7388	BlueStacksServices.exe
7848	BlueStacksServices.exe
4900	BlueStacksServices.exe
8660	BlueStacksServices.exe
3304	7zr.exe
9360	7zr.exe
4576	7zr.exe
8384	HD-GLCheck.exe
8460	HD-GLCheck.exe
1084	HD-GLCheck.exe
8984	HD-CheckCpu.exe
5308	7zr.exe
7104	BlueStacks X.exe
340	BlueStacksWeb.exe
9616	7z.exe
9252	7z.exe
9244	7z.exe
4576	BlueStacksServices.exe

Loads dropped DLL 64 IoCs

pid	Process
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	BlueStacksInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
218	discord.com
228	discord.com

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\storage.json	BlueStacksServices.exe
File opened for modification	C:\Windows\system32\storage.json	BlueStacksServices.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
8624	tasklist.exe
9076	tasklist.exe
9496	tasklist.exe
6388	tasklist.exe
10124	tasklist.exe
7684	tasklist.exe
6300	tasklist.exe
6060	tasklist.exe
8424	tasklist.exe
7520	tasklist.exe
8964	tasklist.exe
812	tasklist.exe
6720	tasklist.exe
9280	tasklist.exe
6880	tasklist.exe
1356	tasklist.exe
8508	tasklist.exe
6356	tasklist.exe
9752	tasklist.exe
8420	tasklist.exe
8536	tasklist.exe
2812	tasklist.exe
4556	tasklist.exe
5444	tasklist.exe
8120	tasklist.exe
6072	tasklist.exe
5652	tasklist.exe
6420	tasklist.exe
7552	tasklist.exe
3052	tasklist.exe
8088	tasklist.exe
6824	tasklist.exe
5232	tasklist.exe
3052	tasklist.exe
6236	tasklist.exe
5656	tasklist.exe
8236	tasklist.exe
8536	tasklist.exe
8440	tasklist.exe
1620	tasklist.exe
7348	tasklist.exe
5644	tasklist.exe
6156	tasklist.exe
7420	tasklist.exe
9736	tasklist.exe
1244	tasklist.exe
2764	tasklist.exe
6772	tasklist.exe
9664	tasklist.exe
5996	tasklist.exe
5560	tasklist.exe
3448	tasklist.exe
2756	tasklist.exe
8532	tasklist.exe
6488	tasklist.exe
7876	tasklist.exe
9556	tasklist.exe
4040	tasklist.exe
2056	tasklist.exe
9272	tasklist.exe
8348	tasklist.exe
9344	tasklist.exe
9272	tasklist.exe
5388	tasklist.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-Hvutl.exe	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\libOpenglRender.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt5Compat\GraphicalEffects\private\qmldir	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_output	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarRestore.svg	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\msvcp140_codecvt_ids.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\Qt5Network.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\back.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\Jump.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\close_hover.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_ps_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\MyGames\pre_hover.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\wallet\logo.svg	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\BstkTypeLib.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Templates\qmldir	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\playlistformats	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Marketplace_hover.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libstereo_widen_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_mp4_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\quickimpl\qmldir	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\pre_enable.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\SideBar\add.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libhttp_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Qt6RemoteObjects.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt6Multimedia.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\qtquickdialogsplugin.dll	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Optional	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\family\malgun.ttf	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-utility-l1-1-0.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libschroedinger_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\hr.pak	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\librecord_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\LICENSE.txt	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Microsoft.Win32.TaskScheduler.dll	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\QtQuick\Shapes\qmldir	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\MyGame.svg	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\access\libtcp_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_ogg_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtQuick\qmldir	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\gu.pak	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\lua\liblua_plugin.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-MultiInstanceManager.exe	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\zlib1.dll	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\NOTICE.html	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_popular.svg	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\script\lang.json	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-process-l1-1-0.dll	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\imageformats\qgif.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\dialog\min_hover.svg	BSX-Setup-5.21.631.1001_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\resources\icudtl.dat	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt5Compat\GraphicalEffects\private	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt6Qml.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\meta_engine	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\nowgg_logo.png	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\discord_game_sdk.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Microsoft.WindowsAPICodePack.Shell.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-cpp-sdk-core.dll	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\SideBar\left_arrow_hover.svg	BSX-Setup-5.21.631.1001_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\language\en.qm	BSX-Setup-5.21.631.1001_nxt.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5196	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 24 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BSX-Setup-5.21.631.1001_nxt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksServicesSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksWeb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks X.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacks X.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	BlueStacks X.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacks X.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133795562808714502"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	BlueStacks X.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	BSX-Setup-5.21.631.1001_nxt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.21.631.1001_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon	BSX-Setup-5.21.631.1001_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	BlueStacks X.exe
Key created	\Registry\User\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\NotificationData	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.21.631.1001_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open	BSX-Setup-5.21.631.1001_nxt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.21.631.1001_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\""	BSX-Setup-5.21.631.1001_nxt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BlueStacks X.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	BlueStacks X.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs\shell	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{BE5F69E0-C1DB-4938-AA07-0A4C79DD575F}	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX	BSX-Setup-5.21.631.1001_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\bstsrvs\shell\open	BlueStacksServices.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	BlueStacks X.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0"	BSX-Setup-5.21.631.1001_nxt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	BlueStacks X.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	BlueStacks X.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	BlueStacks X.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.21.631.1001_nxt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	BlueStacks X.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\SystemCertificates\CA\Certificates\9E99A48A9960B14926BB7F3B02E22DA2B0AB7280\Blob = 0300000001000000140000009e99a48a9960b14926bb7f3b02e22da2b0ab72801400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf2119183040000000100000010000000c6150925cfea5941ddc7ff2a0a5066920f00000001000000200000008408d5e5010ab8da67eb33a7d79ace944dd0ac103ae6ead3ff30dec571066b0319000000010000001000000014d4b19434670e6dc091d154abb20edc5c000000010000000400000000080000180000000100000010000000fd960962ac6938e0d4b0769aa1a64e265900000001000000160000005200530041002f0053004800410032003500360000004b0000000100000044000000420036003600320034003000420030004600360043003800340042004400340038003500370041004200410036003000430046003500430045003400410030005f000000200000000100000079040000308204753082035da003020102020900a70e4a4c3482b77f300d06092a864886f70d01010b05003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3039303930323030303030305a170d3334303632383137333931365a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a381f03081ed300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183301f0603551d23041830168014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7304f06082b0601050507010104433041301c06082b060105050730018610687474703a2f2f6f2e7373322e75732f302106082b060105050730028615687474703a2f2f782e7373322e75732f782e63657230260603551d1f041f301d301ba019a0178615687474703a2f2f732e7373322e75732f722e63726c30110603551d20040a300830060604551d2000300d06092a864886f70d01010b05000382010100231de38a57ca7de917794cf11e55fdcc536e3e470fdfc655f2b20436ed801f53c45d34286bbec755fc67eacb3f7f90b233cd1b58108202f8f82ff51360d405cef18108c1dda775974f18b96ddef7939108ba7e402cedc1eabb769e3306771d0d087f53dd1b64ab8227f169d54d5eaef4a1c375a758442df23c7098acba69b695777f0f315e2cfca0873a4769f0795ff41454a4955e1178126027ce9fc277ff2353775dbaffea59e7dbcfaf9296ef249a35107a9c91c60e7d99f63f19dff57254e115a907597b83bf522e468cb20064761c48d3d879e86e56ccae2c0390d7193899e4ca09195bff0796b0a87f3449df56a9f7b05fed33ed8c47b730035df4038c	BlueStacks X.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	BlueStacks X.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\SystemCertificates\CA\Certificates\9E99A48A9960B14926BB7F3B02E22DA2B0AB7280	BlueStacks X.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Wobbly Life_1.0_apkcombo.com.xapk:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
7104	BlueStacks X.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
812	BlueStacksInstaller.exe
812	BlueStacksInstaller.exe
812	BlueStacksInstaller.exe
812	BlueStacksInstaller.exe
812	BlueStacksInstaller.exe
812	BlueStacksInstaller.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
3780	BSX-Setup-5.21.631.1001_nxt.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5456	Bootstrapper.exe
5516	BlueStacksInstaller.exe
5516	BlueStacksInstaller.exe
6288	BlueStacksServicesSetup.exe
6288	BlueStacksServicesSetup.exe
6436	tasklist.exe
6436	tasklist.exe
5516	BlueStacksInstaller.exe
5516	BlueStacksInstaller.exe
5516	BlueStacksInstaller.exe
5516	BlueStacksInstaller.exe
5516	BlueStacksInstaller.exe
5516	BlueStacksInstaller.exe
7180	msedge.exe
7180	msedge.exe
7132	msedge.exe
7132	msedge.exe
340	BlueStacksWeb.exe
2672	msedge.exe
2672	msedge.exe
8184	identity_helper.exe
8184	identity_helper.exe
6396	msedge.exe
6396	msedge.exe
4576	BlueStacksServices.exe
4576	BlueStacksServices.exe
7424	msedge.exe
7424	msedge.exe
7424	msedge.exe
7424	msedge.exe
7104	BlueStacks X.exe
7104	BlueStacks X.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
7104	BlueStacks X.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
696	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe
Token: SeShutdownPrivilege	796	chrome.exe
Token: SeCreatePagefilePrivilege	796	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe
7132	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
7400	HD-GLCheck.exe
8460	HD-GLCheck.exe
7104	BlueStacks X.exe
7104	BlueStacks X.exe
7104	BlueStacks X.exe
7104	BlueStacks X.exe
7104	BlueStacks X.exe
7104	BlueStacks X.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 920	796	chrome.exe	77
PID 796 wrote to memory of 920	796	chrome.exe	77
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3084	796	chrome.exe	78
PID 796 wrote to memory of 3620	796	chrome.exe	79
PID 796 wrote to memory of 3620	796	chrome.exe	79
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80
PID 796 wrote to memory of 2188	796	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xe0,0xe4,0xa0,0xa4,0x108,0x7ffe5203cc40,0x7ffe5203cc4c,0x7ffe5203cc58
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2164 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4600,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4968,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4904,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4380,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=220 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5180,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4884,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4388 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5496,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1040,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5716,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6016,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=736,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5752,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5740,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5964,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6120,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5488,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5540,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5196,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3016,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6572,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6764,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,552490145252106506,2033965325415915584,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  - NTFS ADS
  PID:852
- C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
  "C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1864
- - C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\BlueStacksInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\BlueStacksInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious behavior: EnumeratesProcesses
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\HD-CheckCpu.exe" --cmd checkHypervEnabled
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\HD-CheckCpu.exe" --cmd checkSSE4
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3584
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.631.1001_nxt.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.631.1001_nxt.exe" -s
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:3780
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8056
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8120
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:8176
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:1204
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:3252
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=4f00e603-b13b-4e2d-9429-9b7161469525 -machineID=b283cc9d-f8b6-4e53-b2bd-b3fcbb49c044 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.631.1001 -country=GB -isWalletFeatureEnabled -discordUrl=https://discord.gg/UnXV7taVs4
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\7zS812187CF\Bootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\Bootstrapper.exe" -versionMachineID=4f00e603-b13b-4e2d-9429-9b7161469525 -machineID=b283cc9d-f8b6-4e53-b2bd-b3fcbb49c044 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.631.1001 -country=GB -isWalletFeatureEnabled -discordUrl=https://discord.gg/UnXV7taVs4
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\7zS812187CF\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\BlueStacksInstaller.exe" -versionMachineID="4f00e603-b13b-4e2d-9429-9b7161469525" -machineID="b283cc9d-f8b6-4e53-b2bd-b3fcbb49c044" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.631.1001" -country="GB" -isWalletFeatureEnabled -discordUrl="https://discord.gg/UnXV7taVs4" -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=d72b26d2c48e67981df33e5b8971e128 -app64=
        6⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS812187CF\" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS812187CF\" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        7⤵
        Executes dropped EXE
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe" 1 2
        7⤵
        Executes dropped EXE
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe" 4 2
        7⤵
        Executes dropped EXE
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe" 2 2
        7⤵
        Executes dropped EXE
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe" 1 1
        7⤵
        Executes dropped EXE
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe" 4 1
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe" 2 1
        7⤵
        Executes dropped EXE
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-CheckCpu.exe" --cmd checkSSE4
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" x "C:\ProgramData\Pie64_5.21.631.1001.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\\HD-GLCheck.exe" 2
        7⤵
        Executes dropped EXE
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\\HD-GLCheck.exe" 3
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\\HD-GLCheck.exe" 1
        7⤵
        Executes dropped EXE
        
        PID:1084
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:8520
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:1176
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:9120
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\HD-CheckCpu.exe" --cmd checkSSE3
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8984
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        7⤵
        
        PID:9180
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        8⤵
        Launches sc.exe
        
        PID:5196
        
        C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\srtxsrh4.tqs\RegHKLM.txt"
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS812187CF\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\srtxsrh4.tqs\*"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/UnXV7taVs4
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:7132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffe367e3cb8,0x7ffe367e3cc8,0x7ffe367e3cd8
        5⤵
        
        PID:7096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
        5⤵
        
        PID:4088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
        5⤵
        
        PID:1608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        5⤵
        
        PID:988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:4896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
        5⤵
        
        PID:7428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4880 /prefetch:8
        5⤵
        
        PID:8164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4872 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:8184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        
        PID:7272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
        5⤵
        
        PID:7308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
        5⤵
        
        PID:4896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
        5⤵
        
        PID:9504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8410718454766997732,15599851899525896208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3040 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7424

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F4
1⤵
PID:4912

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6288
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6392
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:6436
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6444

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
PID:7388
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1712,i,9367282792106959079,3239427887327721486,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:7848
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:7940
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1968 --field-trial-handle=1712,i,9367282792106959079,3239427887327721486,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:8088
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:5160
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:5156
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:5032
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:8524
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2576 --field-trial-handle=1712,i,9367282792106959079,3239427887327721486,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:8660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6344
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6372
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6676
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6808
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6772
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:6728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6296
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5820
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7368
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9788
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8056
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8240
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2332
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8816
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5464
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5700
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5868
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5912
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5400
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6140
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6244
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6424
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6348
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6656
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2652
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9668
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4540
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3248
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5724
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6212
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4968
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6804
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1660
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3108
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4652
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10172
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2796
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1796
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9128
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:416
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5188
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5364
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5692
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:936
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9120
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6156
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6420
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1712,i,9367282792106959079,3239427887327721486,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3128
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6860
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5392
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9944
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9820
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9332
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10028
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9936
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7840
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3968
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3104
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1228
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1528
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9092
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8852
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5348
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2868
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9428
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7688
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6180
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6104
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6040
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6420
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6380
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6892
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6352
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6820
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6936
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1628
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3256
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9592
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:804
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7112
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7548
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4272
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1440
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8260
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8272
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8616
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9200
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1188
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1820
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7872
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5572
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6008
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8692
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6436
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5876
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:408
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6388
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9360
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10116
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5476
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6940
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5396
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9304
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9732
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9640
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2808
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9596
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10132
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4572
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3268
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1440
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8208
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3320
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5144
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9020
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5184
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7012
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5920
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7880
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5276
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7504
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5800
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6584
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6720
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6388
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6824
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5136
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8176
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4000
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5040
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1356
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6408
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9140
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9732
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7312
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7416
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9644
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4908
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3024
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5624
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3224
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8724
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6308
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5180
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5920
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5772
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7776
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8144
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6044
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5472
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6576
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5796
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6608
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6896
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6624
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5392
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2120
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7164
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9736
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9884
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7328
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4624
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6360
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10224
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7884
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6316
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8284
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8280
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5316
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9204
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5708
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8472
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7336
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8376
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8388
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6000
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9556
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8524
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6572
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:964
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6908
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9668
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2104
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1476
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5440
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7556
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1196
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10236
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3108
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4936
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:480
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9348
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8488
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2956
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7436
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7112
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7308
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8856
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9700
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9032
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5268
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9440
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3500
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7804
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2028
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6168
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5904
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8792
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5196
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8520
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7084
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6464
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8628
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9368
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5148
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6768
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1880
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8068
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7608
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1928
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8432
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4800
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4912
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10080
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1020
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10172
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2312
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8136
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8120

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe
"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe" BlueStacksX:{}
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7104
- C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe
  BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:340
- C:\Program Files (x86)\BlueStacks X\7z.exe
  "C:\Program Files (x86)\BlueStacks X\7z.exe" l "C:/Users/Admin/Downloads/Wobbly Life_1.0_apkcombo.com.xapk"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:9616
- C:\Program Files (x86)\BlueStacks X\7z.exe
  "C:\Program Files (x86)\BlueStacks X\7z.exe" x "C:/Users/Admin/Downloads/Wobbly Life_1.0_apkcombo.com.xapk" com.wobbly.life.ragdoll.game.adventure.apk "-oC:/Users/Admin/AppData/Local/BlueStacks X/cache/ApkParser"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:9252
- C:\Program Files (x86)\BlueStacks X\7z.exe
  "C:\Program Files (x86)\BlueStacks X\7z.exe" x "C:/Users/Admin/AppData/Local/BlueStacks X/cache/ApkParser/com.wobbly.life.ragdoll.game.adventure.apk" AndroidManifest.xml "-oC:/Users/Admin/AppData/Local/BlueStacks X/cache/ApkParser"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:9244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files\BlueStacks_nxt\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
8f59afac033703de09be078a15d11659

SHA1
d3e5a2ee25862c7c958d2515ebc60df61f6f0885

SHA256
a739911ec876a1e767772447fd6cec3c2b6ec73472f79c490ed724b5aae91d1a

SHA512
ce7e02a4f419cca97f5e3e4f6d306d5d24e7ce5f6697ac33ff2624e9151f156ac7dae4dfe5b85a03386265fe9ab844bd85e0d321693a83473563ed54dcaa2c23

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
e18ab6802022f2fd66114532560a91a1

SHA1
f253d844d0453b75b58954a50f33d8990cbb0bdd

SHA256
fb94fd4bd33dadc58ca7519459d20eecb50cf8d09e23fa1b6bbcc7351feaefb0

SHA512
589b3ade220600dddeb8fbc6e3f8cf043566bde31359246f89c43591e2fa0c454bc9f5f040b3ffb9a1790568b42b4f9d1dd860ba85b9e86c6fae9f75459192b4

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

Filesize
26KB

MD5
f94aad1ef649915c94911fd4ef73a278

SHA1
c5717223aa019f7bde75d286849f5bbf9bf1c6fa

SHA256
6765eb21f32dd5debf80204d98638949b2e2c95c544067c7a04ecc63237ec92b

SHA512
76e05c320a31958be01db5a0aec84119e60b9721f65600074becb2841189394bcf3bcd1e3ee970859d289af9803c7f0287eae986d729d7b5fd878891a5a242eb

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

Filesize
23KB

MD5
15f99d6f59a5ee8009f9a1b5113eefba

SHA1
ea9559b6f5f15e2f2c648ed8192ef4ddcb56e8b0

SHA256
93e7861a59b21217265b09b152e5f84b053e158d26f224aa0d8ac00250766a4b

SHA512
1c477e92d1503b153bbf11af8ec1408e193abd623ddb8928e6bf08914ba725306b1d647d68d7ede8dd17f97a029670e7038343e35aaa46608d01cda0d0906e55

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

Filesize
22KB

MD5
f61279cc647f9fb627f5e74a1746994a

SHA1
932e13e954957413574c2e4a604626d89e2c137b

SHA256
a31030330c978e2188f74175f4a5021cf994f3604b38cc81f49b0dc1facde50f

SHA512
dfa906c5d06e14cdbb74ca728ce37c681c89b1dc728dde0c6c466fa9de507fe5037ff9937f226f995a17abd36573262979d21bce35d2864e97d40a931ee0e46c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

Filesize
23KB

MD5
d0b63612c807ee912bdbbbad9304c5e2

SHA1
69419e5a7104504edb1213ad95b2da961426b680

SHA256
2d3c7178f115bc37fd04ddca1f1b926bd54dfad19bd6dce9f12c0937c44661a5

SHA512
033a86746e52c4fdd820b26c6c9c84924bbee1135d7808c044c229492c8f3553cc482d15e57821215212ec4c57f4828e2e247d6d371bbadffc0222561ce6e6d6

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

Filesize
21KB

MD5
1b2d39e29fefc4df00a167254466f0dd

SHA1
44b3ca674da285691426ad1291e4ed5c28afe56d

SHA256
69c555fa2b4afb92278c2ce1f30f1501435aa6b9bace15784c922f2c60a8dc1f

SHA512
793b11030bd59ed16b2712b094d2672b1657e257a285bab21f77c9e94e36891b84698c8da118ec6ae2a214a42ba21503c3bd372e8ba64c84f40129ff07c566d2

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

Filesize
22KB

MD5
cd053ab0d29806f0b8a27114d6788775

SHA1
035a086aba62172a2f39c7d8e3c9295c87dac1c3

SHA256
da169d8aa5aa1c5c8741908ce116d10e0feeae23b79e2ff3832395092b7454d1

SHA512
5415aafa3bd91d34e3aa333d56045ccdabaf95c428e204e1933eccb7b38a5f7e8ef94d770f6b8843d8fcb4ca2b8f45ccf71dba45afbbb854a5e08ef57169f0ed

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

Filesize
26KB

MD5
3d84b963e7675744a906a415c413c8e2

SHA1
80388e44a9cfa9124641d0093c1ecb0986e9d1b6

SHA256
fff8ee40f8b1d60645094148d9dc41790fb592486b8c4e20d63421eae011fcd6

SHA512
e3f2fa44cdfc5078fca981f2a16b6823472bd71de519e2a52ef57e52b2148f800156a5f55b7ac6ba4dfa48648f7b363d07bc9ef835c2b8136b1c129d683e0caa

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

Filesize
23KB

MD5
5caeb9db0d03e1f6fa01e01df4a78a00

SHA1
178cb64b3f64aee1a3880db2511448aa75a134a7

SHA256
c9d812a673c7e058b2bdcc34e83f4b6c0f8d20c7aae4d9d97abbf9c7e91319ac

SHA512
daa3033f0fd0f84b48198a12d907623c4d696d11515c89abd4366790a287e1c1db6b0678bfc5fa65add38dbcff5e8e1862afe59744c56b72909f79378a92c1f0

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

Filesize
22KB

MD5
20cffe4dbb2970ad90fab1720acb1349

SHA1
c0791119cbe76c792b4c611f8aac042c5ead1a82

SHA256
18c5c8256d7d4ff9816d78375752e31a2a6a898e06c2b8eea92077200d4539e1

SHA512
a3605c0c0a1056ed481d5e4ee8a18e540acccae9d95bf0a6d4f006dc484a613efa876d84c924964e828dd5f465072561b4b0d4f115135e88dec0be1873d443dc

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

Filesize
22KB

MD5
beb200eddc7299488ac2368804986614

SHA1
77836cafeb8e9faa9cba8dbfdeb682e0225560d7

SHA256
86b88b962d78994bb4134dafa80fd4cc43049e6a6fc9cb57a0e0ffbbf290d332

SHA512
05c759185492f7ab8d944fa1efacc799795d5b1c608148507c124a3f3eb27df232b7633d7d056c82a4cc22d95c05cd93a887d310fc5906a7699987a7daa0b576

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

Filesize
30KB

MD5
e4670f618639fc086cad3b3c0f51285c

SHA1
3b478096e3d2189bcf6d263289595e04815dffcc

SHA256
84e2ecbdd2dcd30d39a219dafd6b22eb9fb79b5aa338df65a8a7d694f58731a8

SHA512
850cf57430aabd08f2005793d26e2b690e1c1e1da057cf91220f34075ab2df3f457154b38cc05665bada2634aa628f9bda3778eb14ba4ea71389ab4ef05cf16f

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

Filesize
36KB

MD5
43d5689ac68c2a26eee354ef7246c25c

SHA1
54fac4b96fb68283a48d4597bfcb1282003740dd

SHA256
73ec8db9446328516edf206dbe80ac94c98d7bb6ad08150b829ae4253053e95d

SHA512
e47f94be47d6f2feb5088ff563912c8565ee436c9b00bef2613a86fb1195ecd0d70c65767701cfa11e86f96b563fda6e8bff415a2497b1f7cbad4badd184d40f

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

Filesize
22KB

MD5
edebf6fbba4068dbc1b3f0fc82ca405c

SHA1
569281a79e0a2b5dd7361175bad14f2a6e4206a4

SHA256
69188d8bc65d489393049d151dcf583d507011d2aee1928c1b0261a25d020053

SHA512
74d5dbfdb8c7ee1367d2088d3a72bc982e719c21a9421579075c558734afcfd5fbf793e8a32ef2e73cd380a9051b94fd9088faf2217336047fec667ecb7f2eb0

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

Filesize
24KB

MD5
4f30ac54fab83177d018834203d6e5a4

SHA1
6ec365760f0cde1e57a78c98f726fbc7a52350f1

SHA256
1b2d0bc80444738576731e6c0f72c3333fa214fde7a8e000a407c448c4627333

SHA512
d0a4cd7122eb15e0ff014646587bc536b175f2529b22c2c345e49733616c6c85a2133a203824fa5310b88feedd364f5647c8c5e572c556188a127698ec314a72

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

Filesize
19KB

MD5
210c658ba61b87314244e01bce6a08e0

SHA1
c8db558249a6b6fb349d68d815ee0dfa9d447150

SHA256
bdc0eaf1e104fc2ca8bcb01fd0ef8ee5a15466e1aa5ac05beb83320cfaa2aab9

SHA512
1a09420450aed845a4cf7e3bff1379fcd5b5215da0338076d5c83e95a0bd51061a137999b1bf6edb2132130f95fe28eb90e78d61d630cd2f0039d179e1cd1743

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

Filesize
19KB

MD5
b66d1964e43dc45e0786f5f1e4d49957

SHA1
28ac33fb7de85638be560f753596452b16a476e8

SHA256
0b674687e1d184ba495feb84b5c95399a6f55f781b5e6ae3a8d8c993cb8b8886

SHA512
a45da4cfd150fbd336357a166bf4ffb1994e97bccd0fe2d04fa994fd7bee3267e51700b94e3b3cba434e6dba925df9c7a5c28f06c6405ad36060bf320cede4a4

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

Filesize
4KB

MD5
33b86df3374994f4a97fe904b6bffe02

SHA1
8ea6fa096b467fc3d86de577d0ac52f892fcb3d4

SHA256
0fa70fab22570e85b71b5a0a81c38c8abf072c5a129012096adc10f2e45d8231

SHA512
ba917a56d479ed160c2c30b0a7c20687fdc65c955ac89da9c03e550f109ca34fdb41f44054aae7343dd8d1d945be6f084b8c28e36bbe059d329574a41645246f

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

Filesize
412B

MD5
0184f5fc30de40741a49af806e7f8662

SHA1
92ec053b33584477f4bae1286f4e7a74cc360583

SHA256
15c8ef98f31330401bf8811c895326a2797cf8246b2773f55cbf714d64cd2f6f

SHA512
66d6c1b9a60ac8538df35ea016668283a211f95d62fef3b09354f30ebd3b89e42b398871a0acb87249aa5215614d2c8741a0189e89017314d25e822d2a5005ac

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2f4e2bf7-2ab1-4cbd-a53e-4ee3b646f6cd.tmp

Filesize
11KB

MD5
0f4ad4846cb20851d9a8fe1757e88805

SHA1
e1cd79ad92c9deff4ff950edf7512eef51087278

SHA256
7239e0459adf99abb73d63ef2296ecc1d6a04f48a5a0b0f27d200a95f72065bd

SHA512
49d311dbd7e4f28c5cb0f2886d804ebb06e2f9965dccb08fb1eed076b73a946263f893440c7cc1bb37b2c5042258fd6ab1fd4c7674382cd600468105debd6cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\69f2da5c-3da6-42e8-896d-4b70df480ea1.tmp

Filesize
11KB

MD5
d7d6c2138627b433e06f1e613ebcf965

SHA1
9d48f16ff3505ae9850f1a0647c1da034f2410b0

SHA256
38ababbdace940dbc2fedda6bfcf7638198d47bceb4f9400d88baed7d142735d

SHA512
5f9b79c85f3427f20b048af3266b7543126e6a4b4e8932a3453c8a820c18954f082171a8463ee799ae05cc9dee65839c59e7697c496027c59bda3f8cfd9a970f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e25c2dd1b9e399b2a332ab95cbd941a4

SHA1
eeea47e673d1e912b42c97fcc56a518c66f87009

SHA256
daf2b2eea5f9d9d624e44fd8e98fad1adf4adff867c86c40aa4685d60b786d94

SHA512
5ebb8b28fb45332b40ab618c3df71e52e8608409be09f7b259f3517e89dc0f57dc4d25dd233f2710b4f1b5493c00048a3554fa8793cfa8bc0c00f699e0df1fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
918KB

MD5
8fd2764c05140f91a7a9545176eefe58

SHA1
a71ad57cee9030b1b9de662ff8a67545cd7cae89

SHA256
1a9c7d9f94b25fbb40b2026a36a3b9744968dcb6c5bca0cde833f02a7a92283b

SHA512
c08a54ded75ff5f4468758031239c470375ae0d977360d3fe1f3193c4f0c297ab37e3774c247b367d9943a476f7f25b84dd0c14c7710e3268a7dcbe7a548063f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
31KB

MD5
97dab2378edefdc73cb9240dd4ec53da

SHA1
fe589d7fac089b5cab6756f8c4d55981e8c7943a

SHA256
1f82b75c91d6ffaf206f12e6ab0c07f5604db7f3b846a0e75495040876112560

SHA512
1cd1c6d86a9452a4e3cc6257ef3e55700ab804d2f3dcdcbd7692537fe8209a646ec3cfd4b30af2c03d799638cd1ade4fb9a71abcc3e003fc7932504330d28f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
57KB

MD5
e648bb776bf87feae3764d4f92a43d19

SHA1
895b4d39c31e26dd548f48915d2fa2380f8c1dcb

SHA256
e7355ac87ee441432fc75506a8c04ac93948fe4b93148729a2a0e8d9c9592e5a

SHA512
85a194fb9ea459c3aaf1f37fc5d109957664cc38d60666fd8ee8a0441ed6d802037b5005454cea5be7899be59facb92c494125b50517741ffeda4c3d503d75db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
68KB

MD5
86497e1bc05133e7ba8bc7a3c872036b

SHA1
01edc3cb109a756cbdc7ad236d616d8bd4e6de69

SHA256
65c688c1827e235a2596dbe46292704cc29cbdaa36b72e709fc925385cc8a877

SHA512
58a96f3763675dc5f2ae4c8722f07a348a922095ad8d5f4b3ea83a63032dee96e6b8f21146ab3d8020bb5f56214955cf0c26c9e070d859c8905e5a16703ef641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
29KB

MD5
4621f68bfb231fe6e18ed010ed94d63e

SHA1
a51fc7beff89f1ea6cbed9b8537996e9b95ba8e3

SHA256
000d54599a77be1036a527c8caa5b31d772029c588373d7e6fb20c4a874954ef

SHA512
f092de6b71913dee2a7033d11ff00e9a5771ad7b19cb44ee0041965366ee0cbec875c24693ce980bc932a73d9d63bfdca7bb9eab90db95772ae7460ca518da6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
17KB

MD5
aec72c799d898c98d0377a4b5094bbfa

SHA1
d1d3426bc7a52e591bc3b6f0e804bdc07973a558

SHA256
ada956d52b9417bb01796abd0fac55a338122c2667e4ee4c9a6f8e7684c94e7c

SHA512
d2e3f3220dcf653e625687313a1370a0b5eed10f489c2d1e758e8ff88716c4536801f3043c9de3160ff6f57577c1e93db1e0f291343f0e8db283c4990c036a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
103KB

MD5
97bdeb6967cc004a4828e7ba4b924785

SHA1
056c8c3a3bad18cf65be6f2cdfac73f2f28a3168

SHA256
28a0e322dbcb1d87487e63f1ce20dbeca8b16b55a2abef0f7f417d9811df59b3

SHA512
cbf6dc31dbb9174538b8aaf87de6bb8f3a93f624ae3f4341db57b7e5c594ac941b833d59dbfc25ad1b8394178e75a8aada704c775b76533ec3becd36875ea1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
102KB

MD5
85d4b443a0ba2650c265a8ef0e388a6d

SHA1
6af3fcb455b47c4378f71c513d32596b0b3200c2

SHA256
d631eef0807c4403eb9ecbd8f756a35dad1b80a0e8e8f0d97df74dd1ef7acbae

SHA512
53145a37d621d8a622a3b9cd074ffdf3b5e5ab07cb0178fd98a9a2799994d2427349d3772d35e9435db70b13160e8f644de322563af55846e552bceccca15c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

Filesize
20KB

MD5
7b2d19e1234d3023b0e7693e298f5bf7

SHA1
c2ff5bcd56b71f54076ea5142f8ed920769922a5

SHA256
d2a5eedacc0958fa13767382a2e4d5dadaa57744a2381f77a745c930d3c283bb

SHA512
29395da6a51d1c3921b1441ecd8595871cd1404d1abe01fd3880097def2fd2fb2f1aa7a4d9da1483545965e8ccd6b73dba56c542214061b3b5ad107f7b7051ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
25KB

MD5
f4a13e421fa0a0d15209f76088f9d0f6

SHA1
3ba0cc50de59290dc90832804c559a6263ae0f5f

SHA256
727b3754a32ccceb080f3be31bba192d71a41152a5d35482738e1a2f84fbaba4

SHA512
2f64d1352fe57df55ad9c03ece73a28aac34caaab269286e3c7b2298f110e2cf16fe23e29ca9c34c6caafc5b5441560e4a705a66e0294879ec91381fde45dde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
27KB

MD5
04484b3b8261c0f72a8c51101fb02fe3

SHA1
a03a0d363eb05ce9a047159fb115eb8813c9119d

SHA256
b9fec64b7b970d18a981b3cd23b68fccbae65b74b62a36fb4a515bb212059ab9

SHA512
c7324f88d8510c8a9f8550c51e20ddd700dbaee121ea183b4c51445445eca325e71e1402e22aaea94a5c9e32446a58469f5f1497d8476093cdbd2265a51fbd69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
33KB

MD5
f1f3a6e98e65cc82d334290edfebfcfc

SHA1
0f47c3034efd732140cd77ca0807ae954c68f0bc

SHA256
7fa9eae4f6cb18210cb946017e554b0ae2e58b3e319ef0f5b952ac36058a4e3b

SHA512
99eacc71fc8d17673cd5135ca4c75f303a23c928bdbdfc865181c17455450cf50f45b9e70c7611507e0d59ca728f1e4f08c658b7df98201b6a160676ba3e556b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
20KB

MD5
82eab18fc126f1b48f12b182669b80ac

SHA1
a912b6d55e3cb5fb410501b67537db302a17066d

SHA256
452717145eb7b11435dcf394bb62230f4795b402ca78b79f71b47212f742d445

SHA512
f0d0420291754782af8bc1acdf4e58d19bbc043a2d2a058d2f6f8ddf11946e81b1cc1f4322aa10530f9a14dcbb453c4f9373f3915fbee75d2681d69dd487f00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
662ce197a9ed26860a66ee87f648c62a

SHA1
1d952d8e78c4664c0de63c4aad7bd8b4932bb77a

SHA256
363677659b356ad43e2a277e28fef4031bfa0182d6effe6a98bedf487b9972a9

SHA512
76f77d5f4ca37c8ee7852c43309262084fd0655a10eb42c44f3497c2c82c919e91cac5c84f23ecfbb844fb415f0272228d56f2325e3bb53b9e6008cdb687d9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
335908aa9b337581ef10b116bf96cd95

SHA1
e65f9ec16fa65341f2ffc7d8bd9822762e7586c2

SHA256
00941490ff0869b6a2ebce208ab40dc3e192a2f90ceae93124380ead9f7f2996

SHA512
1ae7f4ab8894bfcb077c454f5b5f53be45f906fed04e412aec317b16591222f95c735e61e2fb10d5e58f8b078ef8195646b5dad437b97e79b2b02b5091080f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
1154afe2528655de96e9b278f1f0e30b

SHA1
29d21f32d7a083be9efed95c64e466aed4a7faa0

SHA256
2cf79880cb8cda41946792b04f549904d01a207c06fdb8f97373c98f0fec7ff1

SHA512
0a9ec3cfb5e35673c5c084b61c56c5e7c9140a3d5502592d9013de457099bf55f4f42e3175c28393e8c2098b010aa16177bd436b7f494ee862b1163a0c383796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
28f45cc2e3cccc8beac67ccb2c7622a6

SHA1
8e7a14c5d8a000a21e1beb5f2408c73be7ff57f7

SHA256
1d31275e5a265a236cab062e75971c58b1a9bab801841758a0b0ef798108d7a9

SHA512
9c98c8c4876da8d9ae94f7de566363960f3f83f6eb99f3fb0e58b914a285154da8b40734023cd9741a2ede274a7831df5aa12896ab13764838fcf2038a479732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
fafdefa959398e2b3901b22dfc7b3192

SHA1
0cd645b869fa3e2eb544097e0c73a457dc5e8ec5

SHA256
cca991d560a71c7eceb2f4136d4092737b26e95b5e85e5b327ad03410fc46c51

SHA512
04cedbe5c94efd9da2facc6b952389472338f9c1e2bc2fa688d3bc219a9d813220353122de4a4e91c3a7a73813ffb7e7d0263c1dd26373a978bda175253b8358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e598130f0fce51e17d825e42cbcf7d81

SHA1
6f7cd3c2c685c3d99de8bbc102ec10ba634193b7

SHA256
f7d7a641778cba07f99c40068dabe50ea58663b4aa2f5d9062af88c925383713

SHA512
43819407d296bb3d757de084bb161d93b4128781096a670661502e62ae13c4aae31552eab1e3ff9f030ef64dfe67593ceb6a0bb48a8f487f7774e5e57557162d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
712617a0aee6ba1b4056a294b00ce721

SHA1
7b42c1b8843709d6d743e4557bfd99692d7b5a88

SHA256
e977696e67bd05b3a132d1b921f9a0bd599dd62f8a2378e96ed98a0d06623748

SHA512
e5fc96a7ec40f6857b3bc437bae054a65265dd5185a118a4ffa3c5eebd8e6c120d3c1e86d4f2bab6b279c08a008e1c0fa67616cc134d082d6cea9820acf2d9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4b0b1a0cdb0434f5b23513f5edc1abb

SHA1
65a5d5e44498e0a3e2e21822171fdfeac4d10eb1

SHA256
fa1f3ff64819f58bf01d731e3d3921e31e9f1ef2bfdc6957fc6b63467a8e01b0

SHA512
91119e0678faad927d847155c89aa0bd38792397c8ad43d96a50dbb01fe90c16c32d5b75e9fd540817ff00219c7984b5f3e6dd2d72d903d60b8034f042d29819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
37dccf279dbfa468731c02d8b833bb51

SHA1
69be08caf85a06031d78bce37c5878dcdc19cf66

SHA256
05da751c64bfb82c402d4869bb8b6fce8df6450d71d38d4efa21be13ff4419a0

SHA512
ee6eb3e427c48ffa189dfbf41e6cb369f17d213e6e334f9d4505a9f983f01e07c60ece4aab43460cdbbf1092d75c5059ad343a61c9d97b3cc7bcc1b753d20d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a48b71ad3d94e90ca492b9d5c0ff3e2b

SHA1
8cb6a47f8b147898365af8f0aebb650b2374e294

SHA256
e7260929d0c877a2687f7cdc87df5f92287bc07876473b448d13bf63b4702d71

SHA512
c09dc7f23b5b3b879445f6ab40589c550279a1eb96f59a89ba7ee44d41f55f2a996820e8d2152fafeeeff57e6687c94973eb0456f448af72138d8f0a81bca590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d3ab86ee6b26d7a62db30b0653df8ca3

SHA1
cef7974efb8e668dc7e48cd282a9a1d6fa7a06fe

SHA256
18969adf2c196f573615d33d057c29cfca215849e0d27b44c6dcc43b4e9cd917

SHA512
de9711227fe8f483aa1c38932e924783f797d4324aab27c5322e52861b83731fbb9d4a993c6253956961e3d84eb9db25444c2cb13edb2492c73eac7699060fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3c135f6456fdd76e803055e731d37b3b

SHA1
6a834c582c0e936d12362739dca3ecab9172bb7c

SHA256
2b9b2e3bdd4500e34773f1f5e41d89cbc2b4b470f29c50d9a7c80742ada9a444

SHA512
3a420d06adc304a7e0eb67169925840ad187c96f1e2c0babc7d0faf4279432e4c9a526724a5ec81fb5fe9773801a14dd668854d3125739b829a791261e4c0d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
072784bd80393d202749ada77b63a141

SHA1
a14d36315e1731a9ba4a8ccaccc58bba82bc508d

SHA256
8b418b659a3b9ab70d95b514220ed2e048d70d006c8e9c35e3defe8d4e198463

SHA512
12a19eec8008e2ec1a5fc941679ef54bb8aad85fda658ac20a2cfe01cf11212e825dde7f99e27668c49d3655c400ccf64b22eb51bff0f5d6d674608d334ae413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5f48937912dc223ff81d362321cd2659

SHA1
07e4de96805d794719a466448394384ad7a994d9

SHA256
542f8575001d800354d92f870f838e73888060e3e6be4365a7c8d915c11abcc4

SHA512
507d9f82e98eff98b20e246c6d963374daba1230bd70ce03f0c72a0a162d895291d41b1ce01b05d37fd78350fbe5cc95f50f87a5c31837abe55dd0dee6e7c906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c08ede7d96b729e11e985e5a712a2eb8

SHA1
ef099f84523761f547513de959101a4137e44010

SHA256
fdaf8c92704d133cef56fa36926a1b3ee6a3e3c11479f21c50e60505538d0ea1

SHA512
a0bb06e3280f9bc2a26a74645a221354bf0064d3c109cd65cce26828eaba8a020d21b24f496ebd919e856ccaaabb13b5c7f58cd5d62c42cd8f279e3e1aa11f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1c40591dd3b5284d98ab815e09b92de

SHA1
c56f9a16378d122cfd4f246fc9209b63f4988037

SHA256
df345bbd6f1772ce84f02e142c819ffe4463f37d2af22b5e1eb5d7b29be188f1

SHA512
4eb1950dd59f05d37f279817fe3394ebc3e9d2562563632439df3aff19323deed18146c2b676893ec23838d2d6b75d29fb5a1c1b72d6bce9c91bc5cf61d48ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
670cea4d097f3435e8c25e9b77cee6a2

SHA1
98c68432a8eca5c79e0644d0bafecbab5de4e1d0

SHA256
42691b1d759ce51f4cbf5dd3cdde22cb0fbae445b21ffae663873786f2ddee24

SHA512
7c5d52a06e686768636fe118278b90ad53313845bfefb420e028f97a11a330a89f4243f22948be6362cb920ddc4c526ac6a45746a24b2ac5bf0c639a462ba423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4af13e68b95eaadde4ea270801245c4a

SHA1
8995423f9a48d937cd3de5bc9ceb114db407e6c4

SHA256
a819b301110130f6c169290b6341e77548008603853b6605888d796adfb0623a

SHA512
3bec01c7b15c8845dbcbb7c2c4bf69e99bb0b90a00977ce455edcf1a1dd7c629164f4898b291c26bda0ba79b4cb907285e36fa58657d584e5d4a5dcd77712742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8699d7519c41fd850a5f34ba01b79e67

SHA1
a7b0c2db5b28a346ed553e5294d0288c3728e02e

SHA256
f85d71373f5e473863a73cbf5d2b9fa45c3878c4f29e26f5519a55e5bbc63601

SHA512
59a7b358f603798cb1f9757522315ef6e1d1fab09170d53a14042bf20811e46665137a4f1c7df3f50a34587dab6b0848a54ba08d3b932c3c92c8c70dd72bb148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ee08728e6e59b66162302e5269553e73

SHA1
3a83e564702e527da33582d3bdadaaa473c6fe22

SHA256
b1e8ba570eabf08d4e2ed802f17f10746319ee83c71881b402712bf9bd05b61d

SHA512
6c01840cb8d246b04c1d33ca10707f5bf68ef8fb080609923b2888ba9eda41a4dc83ed55ef02114b251a23057c8cccc7b25abc7e11ce561635ffca8282990568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ac748284052c8e35ad652f2f982cc7f3

SHA1
564d3792fb8172609828783e749770b9747f7f73

SHA256
38a67865d1dd1d4798d534da631903699d9692dfc43d7f153e9fb9b1f9741099

SHA512
81d0264bb250c3532f070aa38f06e575d74e80917ea9aaa9fe132e3827ed9f8b2dc4553c09718b4a076385a810fecf3f99519b57433b46c944baf14045bdac82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
060a6bd29c0bee2f0dcaff50df5e342d

SHA1
df7af99f99e38659294eedc8abbdf694a80d5e58

SHA256
034bce463e96e5a317ef1dbebdc019af1065d00e6ffae2965eb61db8dac3ee2b

SHA512
2cb4d1c96e6b90c7450958ab213e1e195893a75cc05ad26e5b05b747e1708f91d6b365759d3028fb4e4937fbe0fc1b0bc8e44015ff1126ca85066287574d9138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2a650f809c49ff2c69a2393449c7f5d

SHA1
b68d9bfe5187f78e2b568308e4175e5b1e8acb0b

SHA256
a48b2464457fb68631ef96cfeabd606861a4753a8d6ada11f3d5762292a92ae3

SHA512
7afb8c5e7fac1a577c151cad03d2ede83490cd5986bb594c4134a32d75f2cc0fab5ffb8c98a6bb188a81a5327cddf2623021576b854990d7f6210e1b8c38c3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94533828e29be51138e2b0624982c4aa

SHA1
c555dbdf70cce7c6b01a40abcfeef93c2893790b

SHA256
02980a534f9f4250646119ac0c22cf9cc23603875edf08c0e43c8e506b04c40c

SHA512
d336907ca7d92564a31c8ab86e0351f1a455f2bb3055f8f799cab69ffcd8f06095a31fbc18d8cfb772d0d72beea7cd66ff97149f5ee659a4234b0fa5a1e5a6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5961e44c79f58f3695e9be9da308e19a

SHA1
2493cd70d6e47a6780ed3e318a04fc7276d67177

SHA256
b78738770953741aea7ec866dd9e42efa090404800f550bff4b1d9d68bacb2e1

SHA512
8be1faf205d11d6c8a9ae8d2a0fa8429be71e09e840aee166078b206a02cefefe002a9f48d84e7bc49924a3e4cf4c3113ed5f03ef472ae8ed6c8618802d8d820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
753eaa764f980bd6e59fb8bb9c7df091

SHA1
af52e27de24c9cf5394873d70797ddfe3f15f5c4

SHA256
13da4d980e1f77f0176d061cc16d82f5e57d6d8df40c4b4f24bd75fada55c643

SHA512
42eac76be13d63fc66fca6d992fd8979eb42f36316dbadd5247c77cd0362ec3364761448458edb7615324eb12d0f82dadc0e0c71eff7a73d6f92e77e84887a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
778e0043ce91ec07de79d5a3b5e0a4b4

SHA1
458d4cfba03a236655e28d4bfb124192e02d9553

SHA256
db32d851c6f30b74a2b18d5164a7a1b88ee8ff842c6328aaa88fd41f19ecaced

SHA512
991ef488969523f7c85f5fb3a2e899131d6d16784fe656e5cf4907dd0a3a39c7549c37c60f77c64244d193f7be4ca93657c974a3964ca5990df7bb16f17dcf3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e659ad7d4393ff67efc60bcde2a5716e

SHA1
b108dfef074dca31cf922b0d9ca84f5d61435e9d

SHA256
40f051107acbceddf8154a314255258c71cf688a1fe2056fd7cb91dcbe941b1a

SHA512
f13f2d6033da63d6801695f50b2d0571f9d38b33c5adab40d8695708698670f44aef09013baa9d1913c8eb2ba0b50cdfa56b289af4d79333f79a2120ecd45192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
432c77bf97ad358276b08aed6a36ee3b

SHA1
c37a0334de646d839d8e5ffdb490908282948183

SHA256
fbdde1a51e2744114691687b99e58aa9f898e238f47a0871241a35c89aece213

SHA512
1521b64648716dba1d8a2e37545dccf6c088fd02d7d0321260d4fed11934ab8a226548e2e988fed7d748109bd19e058a5b9411bac668cdb116a572d681c77139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
36afc1a821ac5d31f46d00f13116b88f

SHA1
d780b91ce17cb8a973b5566423b4f447cfa2558b

SHA256
9e009a834f37403c41e75acba73dacc037bb6b6497bf41e975b4c41cd2e50187

SHA512
9db61a0bc04bf884470f3accf44098c628a967e90042c26456742aaf87978884f33d310e3933b66078d5191f6a71f487f50b9b29cbcc61d4d8799b3fb2b88dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c0200a19d96a1851ca27a3855aba1fd4

SHA1
59b0cc9cdc46fd4d879d7614840aa41caeb859f6

SHA256
d73a755734552a71689ed12f1d2decef00c27e5ca9ea522900fbfa556a822559

SHA512
b642c615ee846c704f4c69e6c5f01bcc315f16b0f353a6627f235cb070097d68abecfa7b71fbc5810570e79d3ee2f562bfee18bc842ad5c754a133c439d0dd39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
42f6c96cc0545c3a17f83129710ba36c

SHA1
b2b758337b1fdaad93fc1741cda99751bfad7dfa

SHA256
bb5e63d59dcdd287acf28c27dc24bd74df5bf87c5a5c89e7a8c91e624c8e3b64

SHA512
f6bd89d78a086a8456a005b7fbced9be3dc419f7b9c2d39d000fefc79294615a1217e7ccfd0c47a132385525cb74ff16dc27f3a7bf50e71e6a06c370f0f63482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
23cfe9a6f4033c3e950eab745b19cf23

SHA1
b63c0398c3a5d317778720df53c909b23abfb5b7

SHA256
65984cc171f688b73f87c457db8781fa3c27bc5001c9385aac1ce0fd86791323

SHA512
7c10227789c8c80898a6330a5008e96c858ffb861ae13c188a4fcceb67d89addbbe0d603491ae543e76b3efd20131a6157ddc58869251694be62ed44f740a88c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a0455a35a97c19c8ab79bedb160ca635

SHA1
e6dbe1a68e96a02bf6c2117c5e6543f7d53347dd

SHA256
078243f0b8717794209f7d992ab00bcd4449832062c17e0c27eba1a9d005ef28

SHA512
453e0b215a24af4211b725329d0fd585f1bf92a3dd40b09a24ac19c04ac4ae971f94419cb190d51eb8a6ac506d137bebc155c9e7a761773e9e700975eb750b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7e0c9e0f9d9577399809a64e46a2a232

SHA1
b9f1d0dc2ce666fb448ef47d054a891c3a5156de

SHA256
3d2fdd435086405350b5393245288e23cba1608bbd9234d93b2f2a4515d82c2a

SHA512
5c81f87b4a4b579a372165589d3f8b61829ee7c71ebdf817757349df907af72234a0ad114476bc52c72b4a1589760ec6f53f5a69a697d9d511f14fbe13665200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f1b07d7b5907d450487bcdc94c83ad2

SHA1
5e5de18b786de5221eab4a94ca1df7442f16263d

SHA256
c2a6acaf13c3b1305cf399311bd6ba67e68c704d6389214671c29e66fdeadfa6

SHA512
b7ffac48eb6023e9fd08a2c84eb8e6dfed38946e514e7295fd1a3288ad8cdf76cc2c3c99598b064c998fb266f7c928f27cea2cae9e86380fdfac39c08235028d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3535722ec3001bcd2caa3b2ec21b91cd

SHA1
752c52294ec24d6f4044f43fda3a2099b94ab72a

SHA256
cecefb1005e756c7a420f4f9b0c2f84759cd94e70c048ae29671e02dadc7e9e5

SHA512
232efae02a1ceb7c7021f44efb6df2a54a278544bc5cd32c07d4c71094f1d3b036f5be569b26775c265798b1408ebb8b7be0b117f0e3ad4718376999a94153a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
80787410bd8732bd3776908faef5b729

SHA1
bc36e9d6dd98746a31fe4d028203aa383832199d

SHA256
43af35c02bb9e5d03ea563a6a82835cbda9096d1561404796be6754989711726

SHA512
818524370dd404862021048a6008a6f77db3b576964717f947d383ae4489d8d6636ebfa9a37266d05983878cc0413be84137de15b123a7b30c6ba6b0f8ddc641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6d4c902179559e9a66c2e3e8ddcfd2df

SHA1
85cfce7989ce5d114da4256a21b2f142142e846c

SHA256
e9f7a20f118dcedcf8189bf69105204481649e7251701cc4c75f7f74da130ede

SHA512
ce45b673b13a54a1a7c325d7e1be9bb92bd0c0e9e1a169314e53297867bd7e26431291e0fa6d97c3630491b335f20006255b9d321ac013c4c1d5eac6b42e892f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a17abac74f0706c87fecf1689bba402a

SHA1
ad136a4799fa6fb5cd8f33e4ee8a05d67a2e68c7

SHA256
2e3753b16147c59163fea38dd58c52232238469af7aba452a0d9ef18ed381af4

SHA512
eb489d11eba0ebb1be591e0a84301f52f200d4bc403720b32f49e38e1a5fd693138afe66de66441ca5b484f38d894a6ded2296e154aef81176c186eba3db5f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d58698f38db9df5ae39f3b9956b0c719

SHA1
b03aa8e555d7203862a818218fd75149084c4b8d

SHA256
06d92a79f9f9a0c457f2962320915c1f4de62c4f952d06c77f1188916bb4c925

SHA512
a5a6c7d70bf6f2da82a66388688019eba6d526b50bbf437c85e5b0336d732aa00ec7ead0caa5bd13f28ef3484046f36e728e1d6fb8d49778b9ed90d1d0de616a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fe5d59ed9af7d48eba8d9ea6e7b23920

SHA1
949f3d42b7a55a9adf8afa93baa665d32e52df87

SHA256
11c2d87aa8e069513bd84c22f52b781059109baa2d7e982f2d88daf35e4a1cbe

SHA512
febe15d0facfbbe3acede31b8d2a5cc188598e81ef8cc2cdfc8621a81ff6ad9edf28d6bdd41c270cb66d6c85879f7b2adb320324a9584c3855a15faf9732239b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17dffe1cc8a829109a0b2ae70b13780f

SHA1
93f8312655bbabd0655911008f38bb6648a70249

SHA256
1e60af7fd04df903e015274c419298805d7dc2588095f7ce5c31c063e81048ce

SHA512
407b095f3507e9a0dbaed239038960fe8c73ac7aec9870bb383768f353b7be5c803d058ae6a4b6e135c67033c3a96f93b29a31f2f2b26db1f07ad71253b7d4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
01c6cf33b068fd327a04c0952a43760d

SHA1
91cd8d6d395b4ba0f6941195cf556a2ce48b2068

SHA256
ce01b490c21d8084e27fd99bbea065b8435bc8e8818f1378cf9da8c71fa05e49

SHA512
4401e50c7b136b41b3bb131c935fd9e298efa9fca807a4bda43477b234c97ae5762f6fb2a08886413c41d58c5c0f7f3ccbd9d6f22232d61177a8cf73d0ece0ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
075d9fbd8ac2fdd3485ce259ace452d4

SHA1
adf5e1a47f9079e7710469e452b598fcc55aada3

SHA256
1d943ca88ef72ae6911c11bb0828b8068bc4c1edf87c54db99ac239544e7157c

SHA512
620fe4e0c93ffef0f89557414fd28103216f80ca46ea484822a683432c45d735ebc7c0a8c814a37ba3154272ec2ba11b7bf17a6ac0ee59883168ec871debacf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd57ad35193a6d72c1e6b37a9322fe87

SHA1
9284fd473a68c05b7f67fee685b866836522d551

SHA256
afd3249fc01c0124141cb618d8039a8c4addd2753320a820e17cf989571707b3

SHA512
d5f47df2836fa92a17bd45dff145549c1e104750c1ddce64334dc3c8116dbe7c357e023f089756020dd4addacd17706cc76e2f98894dcf9fff0307beab9a8438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6f48d70913f2861907fc1a0894c008cd

SHA1
63f42d38a5817274fd24d23310d9d2ea75e94ecc

SHA256
eb8ce38bc6319c654d10ebe5da01ec1c2492b0fed5817c536c5df9fae0babe51

SHA512
1faa595e2c839f5a9b6f67086638c49cbd3947236676a57cfe244dc52ab00475a5026a409b74de41fd14c5f2887003c7960d2dfef09607a8bac3a7cc0946f2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
59f621e9ef53c4b0447c88d5950f61ed

SHA1
a9b4b5564c3b2b7a75e0d96f5b99c83cd0e86c3b

SHA256
d8a9b1bd980e5b8b29aa6f1e369efc0c4da89bf07e572ba3f58f8b8b9ac9478d

SHA512
3fe8e28b06593fd522e2a459c02ddb567d37472a9c05f6b01228c77809b83202b884f1bacfb55a5e463ab0c71d0f464f781ef1adce55bf21b8b794e7d496aca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e21968fd1f3794c589a688cb8befa4d5

SHA1
37d2e52001d1ae3c3c63c0904a1453be58fec4e1

SHA256
7fe00767714ed0a5c0935f494d15bdd72ddd926db6f3139db6ce425275c25bb6

SHA512
78e60753987d49085a597776b9f1e2a45704857ef07b6a1590fa4ec8d999425d269e3c2a07f2c4c6274809a21c48c828509d171a4b546eb516e10cdf0ea1c45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eb11758f82a588e9df77e823fc569ac5

SHA1
bbc8d17152d3fb64b1e0b04d3a3ecdf30da80c31

SHA256
1f5978d9b608eef6c3e43f18a2fe8e2e84cf6632b161b142c96ad48d30cc8bf7

SHA512
d8be3685cb282d9d69c75fb3f36d35e8772774880c96be2d59a85f4a506ddcc977c5b3f2a88eddab50d41e0b2bad4b3c8cc839e7353710d790055d6ddb02cb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
29b4ac59a9a95e91674da0e781b47b96

SHA1
c814bf08dc0361424be9def13ce7ce2223830021

SHA256
c1fc4740b1207c514d1e7bccee91bb4f454ac21988b1f1e5f1c25f600a3d82d1

SHA512
3f20bef2442fb282002d46568617d9e57461369c01fd33adda4ba95589d1c19f89d4c5633b2c7e2bb97a8df22c263aa503d96685b04699300cac56acca5ebce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
19b4abae97aa18dc197e31adafa7956c

SHA1
e59650f3118aa10a7813d2621ee3a135d6f4e720

SHA256
43c379f2b5e82fc44d47ca63a49aff5b84aed97dd751ae75c66a1c5e435b549c

SHA512
00b6ec49f69da16e1e893577d87e3ee730391979801745adbd11a242c5766bebf654bde28f159649a4f086fc01ecfc7fb05186a9c789ad516cedc9b3ad7c7a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
95d94ae2887c9742e620005c60d243e8

SHA1
b2c2b940a83e2202d6491bdaec8a774a44f3838d

SHA256
15c8e10e9937715d5f409bf2c068a4131d0e3240155620eadabdc5f336422e60

SHA512
431b3b38b5b5bed61b70b0bca49b4d1d97b5725af4df7e0eebfc09ce26aeb4c7e1771bbc7274fa1da5608237771fbe6c3cd69c3ee882035969aabaf47d9e2db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5c44aa4fdb29fa40c0c833c033982eb8

SHA1
5d94690298c89bf483ef70a8c75d8de8590ec07f

SHA256
adf2854f12f679c07a8214a9ed2908f78a6c686f440eff866b448f594b8f37d6

SHA512
f87b38237900b493bdd5aa5ca854eb231acce4125af35e781c0b79e6e010cc8c38256f394d2f89fdb42aecd4ec4133140ece8eb00ed068df5a998237a78539f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd13f01239ca98bb23c0fc840a3e3e6f

SHA1
874c9ccc1bf7528395f9810aab46a336680afc43

SHA256
4d5847be7a06701f3b7a952afecfda93df651739124d84ba7779d8994dea369c

SHA512
88e4e7a64c62e70dd13b57632d8c3fa671efe7e09d6b974c449790a7ece6c90c1fb857c6e07e5c98a4ec39819d0148c28b68abed68520de4110171f4b2ae7318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a74f47d5ee25df2f4499dae75c7a3188

SHA1
3765c6446e240cce495040cc3e059fbe4378beed

SHA256
a6f1ace04886d9519aeb8ecff3b15d50bcca7a5efe112cce5f76c94d750786be

SHA512
a075e6d2c130c1782e7c74858b5cafb067838c0003c90b063fc909aca8784fd116f57e8d135d099df36822606cffc09552ee16e3c1e4c6ad21b26782c45f4010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6dd10b11a1e52d477ec41d8b9d286b06

SHA1
dfcfe7971ae378094c256a97b623f8385c9caffa

SHA256
e8fa5c6a0c85f8a6a9806384b69cda52f5423c723b5fd8bdf31f670ef06eb4a5

SHA512
7c76fefeee751c9c103185680f295e51772ae17d7a5e25625d8c2f703e6380ae6bd08713bb95a9f6ed8f0b58297878bf0a3be5ed57dbd4b95cfedafc1b7d0cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6b955581672ec252f1e3c5d0bb322c3d

SHA1
227b2c98af56abfa00b3d68d8e58da994e392592

SHA256
033b51d09573f628f61483897a6294192d883bcfc68f6e5d346b2ac73fd7aefd

SHA512
c7b0b77adf98f3da4095c06626bd8ee31adb0c12b5c7c84e7945107cca29db4066e09ac8783e1cbcfe54c4eaf2ca6a5f088ea53db59f0cad32a140d7a75dc05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f75863da105831561c237fa4920b43e9

SHA1
b64a2ac6ecba720286851b0809e4f0bd71cfdfbb

SHA256
6a0b60a6f83e1d7bb4b4cd3d1b75ff772998cc97dac56301d321fb5771baad92

SHA512
6930eb756115b3d10ed72c03846f3f5c903e8a5c3f1bc077b67ef4d70d201e5eba0b38253abdb59245c823469acf1afc1fcf59d5bd71b8b11dc4878c4cfa1e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
06af96335e87716ab21ca65556f64866

SHA1
ade7de32c3ceda3ab369fbb79935f972570b443c

SHA256
92a5ceb4a51e44c8c3d51097302fbb7e43af197ca9982801ca1ec9dad07b58a2

SHA512
f82e5252de608824ba7c368e3f211a65974132c55f6ab484560bf90263cd3b8e9a942d5f402ba929294c76c1be66ac9f9a74972b96dbfc3733d39c06bdfba064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d19f2d320646dce21237124726ce02e9

SHA1
40993efa483399c13270734d6f2a51a8ff5c567b

SHA256
9797c415e98cfc0c4f18d275c50c31ad0b8cd99b4d87cf35da228f7371662a06

SHA512
10ab48fef8548d0e81391b578fbc9e14f216ca97e3c05b963d4a34a908858e8dca6c688b5f80b7c1596eb0ee9ee1c55592a547b68176c010a84dfb7f04189ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37a94596f4e90b1684b5f0207188b897

SHA1
b1a10b66da39049aeadd07f50091d9d565d8765d

SHA256
92d557edeec42cf065a7db9e5ba1cd5d4cea55dbc3aeee958284e6a423debcc2

SHA512
27d28df8afcbdf7def7d5535b35bff11c9727e9e1bd3b00c78c8e3ea9d5eae4a0a6bf55e7cff3e48e47592242b796e897e9b5bced711fbeeaa546444ed03039a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9cd1eda686fd36b8dcf71f1c03881de9

SHA1
99d298a1f1b83e91601f14546684e0c091de14aa

SHA256
b80cadfa40b407d59262698947f35232d2f2e1d3018f9a3f480f49627bc04b8d

SHA512
6217699e451f4cfde43f0221a9e98e42587c19d8a6aa9e30231ca19f92a172dcb36d04c3856f846082a5ab5de0ad92595d601912ea55577371973581e08830fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1782bfc5fc8f7e172e4930e9aaa0d3f7

SHA1
6335341cd2a6039cbb01b7fd89bf3969ca0c0d0a

SHA256
58e91916c1f18ebfd22272d367dbcad67933519927b590cfb85cb9dcac85cdbc

SHA512
c6a3828407ca8b26672cf572e3c3899cad41f63c770143f7382eee7f3e901eaa8405e1ff70e9a5c9584c2d9960f121a962383410025c9adaf1f26d822b5e66cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b2a452914a6e6e875d2512de541a21aa

SHA1
d746197cc726898c3563c034fe3d8effdb0e931f

SHA256
094124cf991b182af74154d7a05b3e50f807167d58712180befdd62214c35cb8

SHA512
312ba50edbe9c205a9ff7168c8ae8c9768c0f6e4a7fccde63d340a7905162775bac81a2b98a1bb15853e7dc7488d11000cafd319bcf26a202370d073077779b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bb85ff864d1d421ffd51000c2e0475ed

SHA1
8d640864da2f15044d2e6fa57588af01c7be6e9b

SHA256
fc9307c9d2f90c588e0884c7dfbed8c03162ccb8c83003871bd63d48efe21f73

SHA512
38b5cd96680beaabb519e3febb8fa98b6c85f966b1e031d611b261829de4859802a5973408c928804912988ee3d7705cc5bd36ce2c71e5f582a6de5af26771ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f93207801149ad0a2fcf09b5a2255ea

SHA1
9bc1f48b77d4d5a9362c684dc2b02f600bf2bb15

SHA256
3b37074c49e50beedab56793a4fcd903e7ce782ef4f559a8729dd7d7f5206914

SHA512
bef70ce00e1a154a3063c08e4cc902664f8a4a1d8092595356ae97cb2e21b5040ae349ba21e528ffeb1b2845dd5a4a30c822aa771799e2a11407f0d4ee86c805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3abe171ffafeb1e7aade96bfb20684f7

SHA1
1e781585da1ae7143c6ab30c857aecbb925dc0da

SHA256
9f481821db47d9bb4663a20e3938b8119b34f36c6f4a30129f67d9cac7f9597a

SHA512
13875cebb0bec22cd92fc4cd1d8928e50d9298680f39116405f47ae0f6dce86b27667dc8ca5431943c5a05cc9c19bea7d30fc15769bb69696a2b8a60aa2ea9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5cb899.TMP

Filesize
140B

MD5
a24c74a4489a882ad7fa34fad7a94856

SHA1
eeef77e41c0a970305b2bdc24b8b4bcddbecb227

SHA256
9b5c2e0261ab76d06584a133cb4023c66c1a0ab9296586e67b99bc7fa7b77eb1

SHA512
6c6fa786d5aa57d4dd827aea38b7d147e8968fa04fe56d2c688d6212ae783ea788eca68bfa01b07b95514c601046886b0eb191aad3e246e7628f0ba033e480b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
c8deb63962dbbc3fc4db617bcfef18cd

SHA1
162386bf0b702be4faf3ee3a217bda967b046a96

SHA256
cd7d5c14a28f3201ef757ea736f853cb794945d62aa04c2f08d0caefe21abef4

SHA512
38d7e994e2daceb80587260727da1a2e6a29aff0ed5f5b5d8690af7c41eb509d0339f7e17f0311f35720a7e26b4aaa877cc5b1b2ae4ba4bc151937d6e6c3f30a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
735142e773eb3ce2f3d434aa92ebfc9e

SHA1
6e61e01c52ef1513cc9f4513cdd17c64dc125ee8

SHA256
9f38a54de2b53e63171112de7b42b3542ef08703b8dfaac4bb135e812c85e045

SHA512
7fb62fef00f3e113bbbe9f7307c3bdf0ef48a39b19d5aae61f5d4ad855dd41c0fc49078edcf42ad8d6390d457064a9395527d0694226ac094973776c596fce4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
7342752a810c06846f89e4ee3228d7e5

SHA1
9607d0fcf02328501c4815d936e4c7e3ab5bc01f

SHA256
7577ec37b68527b4790031b81ca2605da81f956449be9e50eaa004d4ecf3c482

SHA512
5c3c394d3194ca62aef30bf55db45f13515b516fa595cad8dcf5d26a03108efb7cae08f51332059246d80b23a91cffc239a58fc040866f6f8071bfad9f14612b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\59fb8b92-3530-41ca-84f5-8a55455b82e2.tmp

Filesize
5KB

MD5
ea6e1e35667aa1fe4af3da9a7e685d38

SHA1
21e958b64336920503d613fe314b952206e067a4

SHA256
43156f10a4bf59a66410bf685d0d7713bad49065b17a86f91bdba5887fd41d40

SHA512
62ffb03bdf25b290a8dc1791519621a2fdde6e3ee08a96fd442553f2bc43f6ade1eb1d2cf7169645847a43c3a3c1ae63283d16683875e9de74054388797048c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e376b31ce3121d436904075879e7fe02

SHA1
c6a9563850d822421e873ec12344368c0dc2cd5a

SHA256
d5175b8e4721194c61fe426588860730c5757d2431d3a2ec4e5f93e444e3afd6

SHA512
6a73330538838ecddc24f8b579221cae2493a4db2b52348f56c46ef4eb4f5c9bfb9532c98a49a32ac0bdf9348a8c70447450507794404d53386f7734a64bc6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
323B

MD5
74c9e7193b0cb61e692095d8d9e01ae8

SHA1
2f60d0b754e400d545d5f3829ae3b0a0b990d821

SHA256
b51c6699b167d0179b11f965336dd9133829945e8992fb391043536d336d9baf

SHA512
e3abb8a66b88de18aa084934f2d481d7f10060d35b0426a12b7dc1e7a3a8199261be181e889a4054c5d108884a16eb304a7e1b575de21820bd97acb48c13d747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2d7a60156f71d3bdd74f8321b39ea74

SHA1
85b52942cc3c10f9b50e461edd31a943f54b31bd

SHA256
4b5b443b24b6564d64ffcd471aaecf54755450de64b2e4b6f34748e8d53cde84

SHA512
8fd3ad0613733b8137159153c9740ef70498894aa1062aea29d7da19d559aea20efa8b987023ff820ff51a916de86ab0b78b0edd8041bbcfc82902995c70b81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2b84bb451e244d9cb9ec02ccf09f2b0b

SHA1
e9d3e147c40877f1cbb9a2a087af212b22763cd0

SHA256
8c806efe9c56ffc9016fffb7cacf86aa5ebd5dd60cadd1591a61182bf3292382

SHA512
a5f4b11a5c51bdedf57a85d7ec0d4b7203eae12114b9aab3c74d13d8f08a6ee865befbacd71dc1224c757008c988cce355ebed28e4ea00e3a8800829604e6459

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS812187CF\Assets\discord_icon_click.png

Filesize
512B

MD5
c11cc6a9edff1694a71584413dd47dfd

SHA1
3b84fbfab8b53db95e8fb1b409193624fc8359dd

SHA256
6b126c8a7015c2274e6a2ac969e0f31ecae421e1652b446b2aafd2b03d0dc3f5

SHA512
bdf3ff3a1b8022521cba870334b11bd9c877b84bf134fc4710f0c9e8fe3703a2604915a24ae6738a3099b7e80f0f5a8d9b161c74fc36ee217e05581d88d728ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS812187CF\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS812187CF\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS812187CF\Bootstrapper.exe

Filesize
153KB

MD5
96484bff2f427a7392198ca23fa73425

SHA1
48cc16ec67053cf92db14a454b43eee0b0d508f4

SHA256
a68debf91b73cfe3dac671857373c109237763ce72587200aba86987988d919e

SHA512
53579983c9074382c8f42e6a8a2bf9e02368a9868ff9392eb809eeea41f369fb88da2c4a43cd067475c7db9a2d04ef5b4510fc4a69791be32d0cb7215ee25d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\discord_icon.png

Filesize
564B

MD5
9354bc445e979c2de9b9eedd9b7c8318

SHA1
8dc3e8fdcad0fcdad1fe19b0b94b676e8846affd

SHA256
c29b35c6be50f9e34f1120bd346ce01884f0c7ba1121c866d95b24e46e420b0c

SHA512
ad13f6bf46dd8cb48a030e720c1c577a22b0d3dec794ae807aa482474fe6c2bead7fc63dd45983fb3ab82034d74d4f10b6d9967d4ff677d2226c6c18ee03a4d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\BlueStacksInstaller.exe

Filesize
639KB

MD5
cf5a21c0339e2d187714c6a58d80c1ec

SHA1
b5d32bba4ad67e138724d17586ada27bc9a056e0

SHA256
e5307fb49393917d1de679943f6e1a3121c90c32741a67d538e165b343470dd8

SHA512
d3678cea48a1c50086995340e09bf210a09def04b2d4f7a65d4b28522513b658342cdcd8873f5888b42147b83145dbfed5db72561eda89f2e21634fe341c7e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\Locales\i18n.en-US.txt

Filesize
20KB

MD5
3b35eb1c3e81a889f39224cb59175f32

SHA1
3bafb3362f7da8d36c25729d479d8df62a31bf55

SHA256
37c010628ee16b5d847fcd0753488fc0873fc536e17f1f307d0f31591645f9a3

SHA512
334f0d87ee0dca07b4c2d90715437149790d3342e9fd9726c916e0624ceb224578313fe5c329eaaf1044d323c9c8dbaae35898f9f7360e91f60331499a71d3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS847B4BFD\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_1.jpg

Filesize
79KB

MD5
0ec4075aa87b62bfe7935aadb374e01a

SHA1
894bdcabc151233b54d47666693d10bff372c887

SHA256
08485a73efabf4cb7d7f1bc11e5546d9ef6b3bb422bb814a0de688bac0babcdf

SHA512
acde13feb05ffec1bb2d8fd24f4e9208e5c2dc1dbac64f042a7bf5c9dbc8e72e11b5c4d709ec78920304af110f3544fcaee0e140f9d2af5c7086e754991e3e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_2.jpg

Filesize
30KB

MD5
efb63876389c300433587a29ce85f258

SHA1
8eb00659e003a934c8538b6e5a2be65ea097e5c9

SHA256
873030e34515538dac3efb98edec519596439fa05b7aad37f6137ca954ba41a6

SHA512
3c4a935f949e70199333889ba54870930858e54bf2ee0ac2a27f814710264ae30c474c4cd9e59835cc9bdc9da8c7eb25b963f02ee34767b3738f43988084059d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3BB0.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3BB0.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3BB0.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3BB0.tmp\nsDui.dll

Filesize
3.0MB

MD5
cb34b30fbf30e937d86eae2b77b1083a

SHA1
7cf2a31a5778391185aab4ee7950138288f40f94

SHA256
e99f12b93ac8a42c29e69aab34b7e60f7e23b87f3ceec69e1f7053e96ed8ca46

SHA512
b18e944f92bb77405f6bb768634f513461750df5973fd1940e76072f1c02b118977591421cda740832fe4c0a8efcf06372afa4119be7d4bc21c7db47b8e3a839

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3BB0.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp682A.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp682A.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp682A.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp682A.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp682A.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp682A.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\srtxsrh4.tqs\BlueStacks-Installer_5.21.631.1001.log

Filesize
129KB

MD5
c66ca79567df0c4000417eaac3f0090d

SHA1
f060e927270cd9361fe5bc395831b95348840192

SHA256
ab1e12af7d0169046396821c89bcb4b4e941b7bbe7e4b3cfe6a9bae387b76fe9

SHA512
131c8051922cce59f0ad7ba9630ae614a1b48e451334bde322a4c7c966d36a76d09e6e741a87e0cc64f892a789d113469007b8a9dabc46594b399ad42dc2cfa6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
493B

MD5
73f36ee312c05791aa3bead40e839cc1

SHA1
d97425bebfb5e802e8e16cc0f99f36edab45298c

SHA256
6dac04802664f49f9fe25413ef4569115484c791a683f9a0849118c7d793ea41

SHA512
3e5e80ff117ed17b3e291f35a8c538097d6d882b1f1cf948c193cb1d9fde5061c3e168fa005bd42b7e2ac9c030302ece77dae39e2ad5ece6d5021c684a7de097

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
583B

MD5
9e86a3cc19937b3de6efa431e3d4c161

SHA1
b35ce622c1c236c1941418c03a2208ea6efe9c95

SHA256
81421db03dbe9897714ce3cfdeba10c1ec9229bbfe1e2bd26b6f0aa831aa52fd

SHA512
7c6589bbaa9513b37b73ab0486cb4789ab4700a9540c88d1338dc6971bc3789965e393c9c63217d92eb306d208ba94de1341ea69bc2bb4dca12d1b50962bc266

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\TransportSecurity

Filesize
188B

MD5
6b976fad5cba776fbe737240d17df5f3

SHA1
a56053a9afb366b1e1c8dee1027bd4f59d729b42

SHA256
7cfbc69634d51ca44c1f0156250b54b9f9355bcc812c17733674e957033472c4

SHA512
6af4728ee5a6e5a43b66c574e73f7cf0cc712cf3be9d9047546ef4dec54db607b9bfa42f6c1a7542908429f0251ab0ce4dea82eeb83dea2834ff74679345aed6

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\TransportSecurity~RFe60c0f3.TMP

Filesize
188B

MD5
fbccc47eb6a1322cf45def70c0ffdbe1

SHA1
492137480b57b19048d44a271887a150c758e60c

SHA256
ec36efea4fc12255eb6a0cc4b93e394f7878ba328377eb5e24076c73f71ed080

SHA512
b520bb624e8e02ceb25ef71e8b178a0d159c10228ed27c5d758ee5b741724f1026d01b9c01cf739b974246b14947cd6923cf60e5afb159a9059387efd85beb59

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
1KB

MD5
7e5ae78982734cc70c93b74012ac4660

SHA1
2f4a75af51db4abc963167762d510f9949819e85

SHA256
e796c45475ad7be0da7fb93e48e45298c41d19dc8ec09b93d7a1c848ef3b9d3b

SHA512
939fcaeac9f9aed21f8113bdaf626c8d6a76da8e608d44cb6eb3167036f0cbb9ac9dd9e95e7b43727d367a11eec7a7c3fe7ca803090e9e8c0e898d341ef7e884

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
46689910e34c8449213c805b158fd5cd

SHA1
95c2e82429debe30875c3e4fa87bf0336cd3da1a

SHA256
5cea9d054ac9e9e1b8e47161df148eb293729c9488dfbaa4a9ed3fc4eea8b744

SHA512
63a9c8da5d0e8741c1e23b8e9c410ab83b1950a80f4093f735554b95fa3c2ce3fbb79951a2142129ec6e1fe681af4e81eb2bea902877b0d2aea43234c2af3a21

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
1KB

MD5
49de75719976951706280c890afb0a8f

SHA1
1854df69b7b845572eb1408e1aafc57f182aa02d

SHA256
f17e843ad297b973e591420ded88fd9db93e8fb0c68510e3a2ce0aceed7082ca

SHA512
88712632b24676149cc3c6407f4afb96c6d91967ca3f69c328a9cbdc5ee2bfae5472b50121ddaf8cfb5c8c05a6032c8408d278050c6142ccb8144f1ea8d35fcf

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-5082940445e4d456

Filesize
92B

MD5
336bf398c13967d21c39b6104c2f55f6

SHA1
60abbaab747f8bd1aae68ea9a191766239dfe187

SHA256
1928309fe2146702d7a97e5c9fc77d83cbcc4fa68b6b484e8a41d8115c9ae141

SHA512
98be36190fa73cf156565b462b6a640e572037914b8e2ab82c5be51ad1d576a1ac3ad49b6d75bce4f0bf7b0d63b3c708eacef6c7db634a15567b7d881d80adf7

Download Submit
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.631.1001_native_d72b26d2c48e67981df33e5b8971e128_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier

Filesize
354B

MD5
8acac0e5df3454ca1951e5b0783a1c3d

SHA1
5d7626b3e42475585c5135cd264dd93b0f88cef3

SHA256
232da6b63a8314533932962be0f3033597459581571e91e93200003068157a0c

SHA512
bc555036b77f304c131b8da9196dd41fa5eceeb1bab9edec7e7943605e958077db22c6b4798cc7e3c049b8ccf70cbc203957bf5d7068565f9a8f078b91c86d60

Download Submit
C:\Users\Admin\Downloads\Wobbly Life_1.0_apkcombo.com.xapk:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/812-1501-0x0000000020770000-0x0000000020778000-memory.dmp

Filesize
32KB

Download
memory/812-1491-0x000000001CA00000-0x000000001CA0E000-memory.dmp

Filesize
56KB

Download
memory/812-1490-0x000000001CA30000-0x000000001CA68000-memory.dmp

Filesize
224KB

Download
memory/812-1479-0x0000000000FF0000-0x0000000001092000-memory.dmp

Filesize
648KB

Download
memory/812-1481-0x0000000003490000-0x00000000034F8000-memory.dmp

Filesize
416KB

Download
memory/812-1486-0x000000001D3D0000-0x000000001D8F8000-memory.dmp

Filesize
5.2MB

Download
memory/5456-10413-0x000000001B460000-0x000000001B546000-memory.dmp

Filesize
920KB

Download
memory/5456-10412-0x0000000000850000-0x0000000000878000-memory.dmp

Filesize
160KB

Download
memory/5516-10415-0x0000000020590000-0x0000000020610000-memory.dmp

Filesize
512KB

Download
memory/5516-10414-0x0000000000A60000-0x0000000000AB6000-memory.dmp

Filesize
344KB

Download
memory/5516-12230-0x0000000020110000-0x0000000020118000-memory.dmp

Filesize
32KB

Download
memory/5516-12231-0x0000000023B60000-0x0000000023B82000-memory.dmp

Filesize
136KB

Download
memory/7104-12805-0x0000000068710000-0x000000006873C000-memory.dmp

Filesize
176KB

Download
memory/7104-12796-0x00000000687E0000-0x00000000687F5000-memory.dmp

Filesize
84KB

Download
memory/7104-12781-0x0000000068A10000-0x0000000068A1E000-memory.dmp

Filesize
56KB

Download
memory/7104-12780-0x0000000068A20000-0x0000000068A36000-memory.dmp

Filesize
88KB

Download
memory/7104-12779-0x0000000068A40000-0x0000000068A6A000-memory.dmp

Filesize
168KB

Download
memory/7104-12778-0x0000000068A70000-0x0000000068A92000-memory.dmp

Filesize
136KB

Download
memory/7104-12777-0x0000000068AA0000-0x0000000068AB4000-memory.dmp

Filesize
80KB

Download
memory/7104-12776-0x0000000068AC0000-0x0000000068AEC000-memory.dmp

Filesize
176KB

Download
memory/7104-12775-0x0000000068AF0000-0x0000000068B2D000-memory.dmp

Filesize
244KB

Download
memory/7104-12774-0x0000000068B30000-0x0000000068B3E000-memory.dmp

Filesize
56KB

Download
memory/7104-12773-0x0000000068B40000-0x0000000068B52000-memory.dmp

Filesize
72KB

Download
memory/7104-12772-0x0000000068B60000-0x0000000068B87000-memory.dmp

Filesize
156KB

Download
memory/7104-12771-0x0000000068B90000-0x0000000068BAD000-memory.dmp

Filesize
116KB

Download
memory/7104-12770-0x0000000068BB0000-0x0000000068BC7000-memory.dmp

Filesize
92KB

Download
memory/7104-12769-0x0000000068BD0000-0x0000000068BDF000-memory.dmp

Filesize
60KB

Download
memory/7104-12783-0x00000000689B0000-0x00000000689F9000-memory.dmp

Filesize
292KB

Download
memory/7104-12784-0x0000000068980000-0x00000000689A1000-memory.dmp

Filesize
132KB

Download
memory/7104-12785-0x00000000688F0000-0x000000006897D000-memory.dmp

Filesize
564KB

Download
memory/7104-12786-0x00000000688D0000-0x00000000688E6000-memory.dmp

Filesize
88KB

Download
memory/7104-12813-0x0000000068520000-0x000000006852F000-memory.dmp

Filesize
60KB

Download
memory/7104-12787-0x00000000688C0000-0x00000000688D0000-memory.dmp

Filesize
64KB

Download
memory/7104-12788-0x00000000688B0000-0x00000000688BE000-memory.dmp

Filesize
56KB

Download
memory/7104-12789-0x00000000688A0000-0x00000000688AF000-memory.dmp

Filesize
60KB

Download
memory/7104-12790-0x0000000068880000-0x0000000068894000-memory.dmp

Filesize
80KB

Download
memory/7104-12791-0x0000000068870000-0x000000006887E000-memory.dmp

Filesize
56KB

Download
memory/7104-12792-0x0000000068850000-0x0000000068864000-memory.dmp

Filesize
80KB

Download
memory/7104-12793-0x0000000068840000-0x000000006884F000-memory.dmp

Filesize
60KB

Download
memory/7104-12794-0x0000000068820000-0x000000006883F000-memory.dmp

Filesize
124KB

Download
memory/7104-12795-0x0000000068800000-0x000000006881E000-memory.dmp

Filesize
120KB

Download
memory/7104-12782-0x0000000068A00000-0x0000000068A0E000-memory.dmp

Filesize
56KB

Download
memory/7104-12797-0x00000000687C0000-0x00000000687D1000-memory.dmp

Filesize
68KB

Download
memory/7104-12798-0x00000000687B0000-0x00000000687BF000-memory.dmp

Filesize
60KB

Download
memory/7104-12799-0x00000000687A0000-0x00000000687B0000-memory.dmp

Filesize
64KB

Download
memory/7104-12800-0x0000000068790000-0x000000006879E000-memory.dmp

Filesize
56KB

Download
memory/7104-12801-0x0000000068770000-0x0000000068787000-memory.dmp

Filesize
92KB

Download
memory/7104-12802-0x0000000068760000-0x000000006876E000-memory.dmp

Filesize
56KB

Download
memory/7104-12803-0x0000000068750000-0x0000000068760000-memory.dmp

Filesize
64KB

Download
memory/7104-12804-0x0000000068740000-0x000000006874E000-memory.dmp

Filesize
56KB

Download
memory/7104-12806-0x0000000068700000-0x0000000068710000-memory.dmp

Filesize
64KB

Download
memory/7104-12807-0x00000000686F0000-0x00000000686FF000-memory.dmp

Filesize
60KB

Download
memory/7104-12808-0x00000000686E0000-0x00000000686F0000-memory.dmp

Filesize
64KB

Download
memory/7104-12809-0x00000000686D0000-0x00000000686E0000-memory.dmp

Filesize
64KB

Download
memory/7104-12810-0x0000000068550000-0x00000000686C7000-memory.dmp

Filesize
1.5MB

Download
memory/7104-12811-0x0000000068540000-0x0000000068550000-memory.dmp

Filesize
64KB

Download
memory/7104-12812-0x0000000068530000-0x000000006853F000-memory.dmp

Filesize
60KB

Download
memory/7104-12814-0x0000000068410000-0x000000006851B000-memory.dmp

Filesize
1.0MB

Download
memory/7104-12815-0x00000000683F0000-0x000000006840F000-memory.dmp

Filesize
124KB

Download
memory/7104-12816-0x00000000683E0000-0x00000000683F0000-memory.dmp

Filesize
64KB

Download
memory/7104-12817-0x00000000683D0000-0x00000000683DF000-memory.dmp

Filesize
60KB

Download
memory/7104-12818-0x00000000683B0000-0x00000000683C1000-memory.dmp

Filesize
68KB

Download
memory/7104-12819-0x00000000683A0000-0x00000000683AF000-memory.dmp

Filesize
60KB

Download
memory/7104-12820-0x0000000068390000-0x000000006839E000-memory.dmp

Filesize
56KB

Download
memory/7104-12821-0x0000000068380000-0x000000006838E000-memory.dmp

Filesize
56KB

Download
memory/7104-12822-0x0000000068370000-0x000000006837E000-memory.dmp

Filesize
56KB

Download
memory/7104-12823-0x0000000068360000-0x000000006836E000-memory.dmp

Filesize
56KB

Download
memory/7104-12824-0x0000000068350000-0x000000006835F000-memory.dmp

Filesize
60KB

Download
memory/8660-11295-0x00007FFE602A0000-0x00007FFE602A1000-memory.dmp

Filesize
4KB

Download
memory/8660-11296-0x00000176597E0000-0x00000176597E1000-memory.dmp

Filesize
4KB

Download
memory/8660-12180-0x00000176597B0000-0x00000176597D9000-memory.dmp

Filesize
164KB

Download