f6d7f4df4b244e1bffe2f48e232776abe54bd4e8d1d765d865975b393e22c171

Analysis

max time kernel
227s
max time network
277s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
Size

918KB
MD5

116edcc32f9b833cd8bd5dedfb05f6f3
SHA1

dec2245c1cc66dc79362a5ee366d4de0995295c7
SHA256

f6d7f4df4b244e1bffe2f48e232776abe54bd4e8d1d765d865975b393e22c171
SHA512

6f6a3e87bb9280b3647c24ee8211d95bcb769201be53b826d8e42306b9dc8d0e5eb68fa6cbe810c58883dfac34f73e3b0d36aa976adf01bfa16e3e1cdaf4d59f
SSDEEP

24576:8ivtCXWeGKKGQNHdtynELf05sOO1YwumcO9zA/4lr4NyF:ZtCXWPTGQVbrpZGwuNYA/G4NyF

Score

9^/10

defense_evasion discovery persistence privilege_escalation ransomware

Malware Config

Signatures

Renames multiple (193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
4	5340	BlueStacksInstaller.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	BlueStacksInstaller.exe

Modifies Windows Firewall 2 TTPs 4 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
9212	netsh.exe
8956	netsh.exe
9012	netsh.exe
9140	netsh.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\storage.json	BlueStacksServices.exe
File opened for modification	C:\Windows\system32\storage.json	BlueStacksServices.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
3912	tasklist.exe
7780	tasklist.exe
3000	tasklist.exe
7632	Process not Found
1768	tasklist.exe
8248	tasklist.exe
8556	tasklist.exe
4540	tasklist.exe
6700	tasklist.exe
7884	tasklist.exe
1676	tasklist.exe
8444	Process not Found
2412	Process not Found
8772	Process not Found
3368	Process not Found
7020	tasklist.exe
8624	Process not Found
3032	tasklist.exe
8024	tasklist.exe
7760	tasklist.exe
1772	tasklist.exe
6836	tasklist.exe
8168	Process not Found
6424	Process not Found
8056	Process not Found
8056	Process not Found
5384	tasklist.exe
7820	tasklist.exe
2840	tasklist.exe
6924	tasklist.exe
3752	Process not Found
7704	Process not Found
8368	tasklist.exe
2360	Process not Found
1716	Process not Found
1072	Process not Found
6200	tasklist.exe
8748	tasklist.exe
8544	tasklist.exe
5936	tasklist.exe
7280	tasklist.exe
3908	tasklist.exe
4264	Process not Found
2428	tasklist.exe
6444	tasklist.exe
6008	tasklist.exe
8276	Process not Found
8936	tasklist.exe
5296	tasklist.exe
7668	tasklist.exe
940	Process not Found
5564	Process not Found
7544	Process not Found
2404	tasklist.exe
8968	tasklist.exe
1876	tasklist.exe
7132	tasklist.exe
8580	tasklist.exe
8804	tasklist.exe
4268	tasklist.exe
8020	tasklist.exe
8536	tasklist.exe
2920	tasklist.exe
2108	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\GoldCoins_Left.gif	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\Promotes_Title.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\platforms\qwindows.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Tutorial\PremiumGames\Icon_tip2.svg	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sr.pak	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\imageformats\qicns.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libdolby_surround_decoder_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\nl.pak	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_it.qm	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libsamplerate_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liberase_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\librotate_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\xplugins\PcGamesPlugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\setting_logo.svg	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libpsychedelic_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libtransform_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\wallet	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\mgr.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\imageformats\qicns.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\misc\libstats_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libpodcast_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fil.pak	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libremap_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_output\libafile_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_output\libdirectsound_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libinflate_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\vcruntime140.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\remove_disabled.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\language\de.qm	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\imageformats\qtiff.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libscaletempo_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\liba52_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\checkBox	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\apk_app.png	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\SearchHistory.svg	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Tutorial\PremiumGames\Icon_title.svg	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\imageformats\qico.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\LocalAPK	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\checkBox\checked_normal.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\wallet\logo.svg	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libtcp_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libgain_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libsharpen_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Guide\Step3_img.png	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\de.pak	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\Qt5Quick.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\Shadow_under_those_cards.png	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\Icon_Close.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_wav_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\boot_logo.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\dialog\min_pressed.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\BG.png	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libcompressor_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-cpp-sdk-s3.dll	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\family\Rubik-Medium.ttf	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\NowBuxUser\Now.gg LOGO.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\Search.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\SearchClose.svg	BSX-Setup-5.22.0.1102_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\access\libsatip_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-c-cal.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libaraw_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll	BSX-Setup-5.22.0.1102_nxt.exe

Executes dropped EXE 64 IoCs

pid	Process
5340	BlueStacksInstaller.exe
5300	HD-CheckCpu.exe
5208	HD-CheckCpu.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
940	BlueStacksInstaller.exe
2984	HD-CheckCpu.exe
5868	BlueStacksServicesSetup.exe
6252	BlueStacksServices.exe
6416	BlueStacksServices.exe
6404	BlueStacksServices.exe
6600	BlueStacksServices.exe
7140	BlueStacksServices.exe
7116	BlueStacksServices.exe
2744	BlueStacksServices.exe
7428	BlueStacksServices.exe
7936	BlueStacksServices.exe
2944	BlueStacksServices.exe
5668	BlueStacksServices.exe
1588	BlueStacksServices.exe
3936	BlueStacksServices.exe
3296	BlueStacksServices.exe
2828	BlueStacksServices.exe
3864	BlueStacksServices.exe
6744	BlueStacksServices.exe
2328	BlueStacksServices.exe
5092	BlueStacksServices.exe
1712	BlueStacksServices.exe
7384	BlueStacksServices.exe
8220	BlueStacksServices.exe
8252	BlueStacksServices.exe
8268	BlueStacksServices.exe
8616	BlueStacksServices.exe
8036	BlueStacksServices.exe
8140	BlueStacksServices.exe
8120	BlueStacksServices.exe
8992	BlueStacksServices.exe
1788	BlueStacksServices.exe
2996	BlueStacksServices.exe
6872	BlueStacksServices.exe
2032	BlueStacksServices.exe
5848	BlueStacksServices.exe
3844	BlueStacksServices.exe
9112	BlueStacksServices.exe
1508	BlueStacksServices.exe
4160	BlueStacksServices.exe
5140	BlueStacksServices.exe
1112	BlueStacksServices.exe
7216	BlueStacksServices.exe
4256	BlueStacksServices.exe
7080	BlueStacksServices.exe
6540	BlueStacksServices.exe
7364	BlueStacksServices.exe
7484	BlueStacksServices.exe
7392	BlueStacksServices.exe
7752	BlueStacksServices.exe
7124	BlueStacksServices.exe
8468	BlueStacksServices.exe
8472	BlueStacksServices.exe
8544	BlueStacksServices.exe
8932	BlueStacksServices.exe
8908	BlueStacksServices.exe
1976	BlueStacksServices.exe
880	BlueStacksServices.exe
6932	BlueStacksServices.exe

Loads dropped DLL 64 IoCs

pid	Process
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BSX-Setup-5.22.0.1102_nxt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksServicesSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	Process not Found

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings\MuiCache	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
5340	BlueStacksInstaller.exe
5340	BlueStacksInstaller.exe
5340	BlueStacksInstaller.exe
5340	BlueStacksInstaller.exe
5340	BlueStacksInstaller.exe
5340	BlueStacksInstaller.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
5612	BSX-Setup-5.22.0.1102_nxt.exe
940	BlueStacksInstaller.exe
940	BlueStacksInstaller.exe
940	BlueStacksInstaller.exe
940	BlueStacksInstaller.exe
940	BlueStacksInstaller.exe
940	BlueStacksInstaller.exe
5868	BlueStacksServicesSetup.exe
5868	BlueStacksServicesSetup.exe
3032	tasklist.exe
3032	tasklist.exe
6196	BlueStacksServices.exe
6196	BlueStacksServices.exe
6196	BlueStacksServices.exe
6196	BlueStacksServices.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5340	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5340	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	5612	BSX-Setup-5.22.0.1102_nxt.exe
Token: SeDebugPrivilege	940	BlueStacksInstaller.exe
Token: SeDebugPrivilege	3032	tasklist.exe
Token: SeSecurityPrivilege	5868	BlueStacksServicesSetup.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6404	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6404	BlueStacksServices.exe
Token: SeDebugPrivilege	4268	tasklist.exe
Token: SeDebugPrivilege	2404	tasklist.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeDebugPrivilege	4996	tasklist.exe
Token: SeDebugPrivilege	5384	tasklist.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeDebugPrivilege	2428	tasklist.exe
Token: SeDebugPrivilege	2840	tasklist.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	8744	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	8744	BlueStacksServices.exe
Token: SeDebugPrivilege	1768	tasklist.exe
Token: SeDebugPrivilege	8968	tasklist.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeDebugPrivilege	1876	tasklist.exe
Token: SeDebugPrivilege	6200	tasklist.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeShutdownPrivilege	6252	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	6252	BlueStacksServices.exe
Token: SeDebugPrivilege	7780	tasklist.exe

Suspicious use of FindShellTrayWindow 17 IoCs

pid	Process
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found
5232	Process not Found

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5472	Process not Found
5232	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5540 wrote to memory of 5340	5540	BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe	80
PID 5540 wrote to memory of 5340	5540	BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe	80
PID 5340 wrote to memory of 5300	5340	BlueStacksInstaller.exe	83
PID 5340 wrote to memory of 5300	5340	BlueStacksInstaller.exe	83
PID 5340 wrote to memory of 5300	5340	BlueStacksInstaller.exe	83
PID 5340 wrote to memory of 5208	5340	BlueStacksInstaller.exe	85
PID 5340 wrote to memory of 5208	5340	BlueStacksInstaller.exe	85
PID 5340 wrote to memory of 5208	5340	BlueStacksInstaller.exe	85
PID 5340 wrote to memory of 5612	5340	BlueStacksInstaller.exe	89
PID 5340 wrote to memory of 5612	5340	BlueStacksInstaller.exe	89
PID 5340 wrote to memory of 5612	5340	BlueStacksInstaller.exe	89
PID 5612 wrote to memory of 8832	5612	BSX-Setup-5.22.0.1102_nxt.exe	90
PID 5612 wrote to memory of 8832	5612	BSX-Setup-5.22.0.1102_nxt.exe	90
PID 5612 wrote to memory of 8832	5612	BSX-Setup-5.22.0.1102_nxt.exe	90
PID 8832 wrote to memory of 8912	8832	WScript.exe	91
PID 8832 wrote to memory of 8912	8832	WScript.exe	91
PID 8832 wrote to memory of 8912	8832	WScript.exe	91
PID 8912 wrote to memory of 8956	8912	cmd.exe	93
PID 8912 wrote to memory of 8956	8912	cmd.exe	93
PID 8912 wrote to memory of 8956	8912	cmd.exe	93
PID 8912 wrote to memory of 9012	8912	cmd.exe	94
PID 8912 wrote to memory of 9012	8912	cmd.exe	94
PID 8912 wrote to memory of 9012	8912	cmd.exe	94
PID 8912 wrote to memory of 9140	8912	cmd.exe	96
PID 8912 wrote to memory of 9140	8912	cmd.exe	96
PID 8912 wrote to memory of 9140	8912	cmd.exe	96
PID 8912 wrote to memory of 9212	8912	cmd.exe	97
PID 8912 wrote to memory of 9212	8912	cmd.exe	97
PID 8912 wrote to memory of 9212	8912	cmd.exe	97
PID 5340 wrote to memory of 4424	5340	BlueStacksInstaller.exe	98
PID 5340 wrote to memory of 4424	5340	BlueStacksInstaller.exe	98
PID 5340 wrote to memory of 4424	5340	BlueStacksInstaller.exe	98
PID 4424 wrote to memory of 940	4424	BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe	99
PID 4424 wrote to memory of 940	4424	BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe	99
PID 940 wrote to memory of 2984	940	BlueStacksInstaller.exe	100
PID 940 wrote to memory of 2984	940	BlueStacksInstaller.exe	100
PID 940 wrote to memory of 2984	940	BlueStacksInstaller.exe	100
PID 5868 wrote to memory of 2060	5868	BlueStacksServicesSetup.exe	103
PID 5868 wrote to memory of 2060	5868	BlueStacksServicesSetup.exe	103
PID 5868 wrote to memory of 2060	5868	BlueStacksServicesSetup.exe	103
PID 2060 wrote to memory of 3032	2060	cmd.exe	105
PID 2060 wrote to memory of 3032	2060	cmd.exe	105
PID 2060 wrote to memory of 3032	2060	cmd.exe	105
PID 2060 wrote to memory of 2164	2060	cmd.exe	106
PID 2060 wrote to memory of 2164	2060	cmd.exe	106
PID 2060 wrote to memory of 2164	2060	cmd.exe	106
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111
PID 6252 wrote to memory of 6416	6252	BlueStacksServices.exe	111

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5540
- C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\BlueStacksInstaller.exe"
  2⤵
  - Downloads MZ/PE file
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5340
- - C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5300
- - C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\HD-CheckCpu.exe" --cmd checkSSE4
    3⤵
    - Executes dropped EXE
    PID:5208
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.22.0.1102_nxt.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.22.0.1102_nxt.exe" -s
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:5612
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:8832
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:8912
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:8956
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:9012
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:9140
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        6⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:9212
- - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
    "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.22.0.1102_native_c149362582bde7dfb3b23feb768aa4c3_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe" -versionMachineID=f9222408-6390-44f2-bc3c-933158b0ae69 -machineID=d67fec90-1aef-41f6-b68d-2abf4988c628 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.42.0.1016 -country=GB -isWalletFeatureEnabled -discordUrl=https://discord.gg/UnXV7taVs4
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\BlueStacksInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\BlueStacksInstaller.exe" -versionMachineID=f9222408-6390-44f2-bc3c-933158b0ae69 -machineID=d67fec90-1aef-41f6-b68d-2abf4988c628 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.42.0.1016 -country=GB -isWalletFeatureEnabled -discordUrl=https://discord.gg/UnXV7taVs4
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\HD-CheckCpu.exe" --cmd checkHypervEnabled
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2984

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5868
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3032
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2164

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:6252
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1708,i,190621911894471939,3978502329639938010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:6416
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:6456
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1940 --field-trial-handle=1708,i,190621911894471939,3978502329639938010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6600
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:6704
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:6884
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:6992
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:7644
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:7796
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2572 --field-trial-handle=1708,i,190621911894471939,3978502329639938010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:7936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5972
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2008
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2404
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:4004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1520
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5716
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:5384
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:4648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7268
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5532
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5996
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7592
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:8968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7988
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:6200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7332
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8856
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:7780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3116
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8224
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2856
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4676
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5180
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7248
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8224
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2172
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3572
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4568
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7864
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:760
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:432
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5716
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2776
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6140
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:1100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7136
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4712
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8336
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8640
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7280
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6728
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6080
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4584
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8384
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8932
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7988
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4908
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9096
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4336
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8648
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2904
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7752
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8548
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8092
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7340
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6972
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7908
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1536
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8804
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3660 --field-trial-handle=1708,i,190621911894471939,3978502329639938010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9168
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6512
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6180
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:6404
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1708,i,1242020796539569374,12420304344257583701,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:7116
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1708,i,1242020796539569374,12420304344257583701,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:7140
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1708,i,1242020796539569374,12420304344257583701,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:2744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7040
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  PID:7428
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1948,i,3631783676511589971,4811730438748057511,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:2944
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1840 --field-trial-handle=1948,i,3631783676511589971,4811730438748057511,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2292 --field-trial-handle=1948,i,3631783676511589971,4811730438748057511,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1056
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  PID:3936
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1632,i,14412081222789756381,4818191871647387182,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:3296
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1632,i,14412081222789756381,4818191871647387182,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:2828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1632,i,14412081222789756381,4818191871647387182,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:3864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1696
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:6744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1740,i,11784495819583852639,4352340625244605884,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:2328
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1740,i,11784495819583852639,4352340625244605884,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5092
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1740,i,11784495819583852639,4352340625244605884,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6928
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:7384
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1760,i,6811280287427819653,2852879442708583644,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:8220
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1968 --field-trial-handle=1760,i,6811280287427819653,2852879442708583644,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:8252
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1760,i,6811280287427819653,2852879442708583644,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:8268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7892
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - Modifies registry class
  PID:8616
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1752,i,4130629870273693691,6874040236601711222,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:8036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1984 --field-trial-handle=1752,i,4130629870273693691,6874040236601711222,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:8140
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2172 --field-trial-handle=1752,i,4130629870273693691,6874040236601711222,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:8120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7964
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:8992
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1804,i,1639042300210253575,1179026145886464873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:6872
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1804,i,1639042300210253575,1179026145886464873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1788
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1804,i,1639042300210253575,1179026145886464873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:2996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6508
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:2032
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1740,i,15354214054928765883,18330653582643710271,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:5848
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1740,i,15354214054928765883,18330653582643710271,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:3844
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1740,i,15354214054928765883,18330653582643710271,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:9112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2892
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:1508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1756,i,4108044238820699340,5557713910899181765,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:4160
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1756,i,4108044238820699340,5557713910899181765,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5140
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1756,i,4108044238820699340,5557713910899181765,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3132
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:7216
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1752,i,15927527505380095712,1911485212583017919,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:4256
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1752,i,15927527505380095712,1911485212583017919,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:6540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,15927527505380095712,1911485212583017919,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:7080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6848
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:7364
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1700,i,2241574184947441774,1977332115331763835,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:7484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1700,i,2241574184947441774,1977332115331763835,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:7392
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2312 --field-trial-handle=1700,i,2241574184947441774,1977332115331763835,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:7752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6980
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  PID:7124
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1744,i,4537490629793775399,15918257977265715408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:8468
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2036 --field-trial-handle=1744,i,4537490629793775399,15918257977265715408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:8472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1744,i,4537490629793775399,15918257977265715408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:8544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7604
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Executes dropped EXE
  - Modifies registry class
  PID:8932
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1756,i,14661856113023918821,16449067117307922616,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:8908
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1756,i,14661856113023918821,16449067117307922616,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1976
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1756,i,14661856113023918821,16449067117307922616,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8084
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:6932
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1764,i,8951979701181872708,2473021446950710876,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2376
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1764,i,8951979701181872708,2473021446950710876,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5100
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1764,i,8951979701181872708,2473021446950710876,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6844
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7412
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1684,i,16538890759421392325,9021260639175425137,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1684,i,16538890759421392325,9021260639175425137,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1684,i,16538890759421392325,9021260639175425137,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3452
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:8744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1692,i,14153336955200807003,11169647608086837971,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4580
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1692,i,14153336955200807003,11169647608086837971,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7560
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1692,i,14153336955200807003,11169647608086837971,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4800
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:4628
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1740,i,1234072287314834756,5791788600911600152,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6400
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1740,i,1234072287314834756,5791788600911600152,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7704
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1740,i,1234072287314834756,5791788600911600152,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5164
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:4952
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1752,i,9070517412031493694,2868156576424055898,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5768
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1752,i,9070517412031493694,2868156576424055898,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3000
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1752,i,9070517412031493694,2868156576424055898,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7764
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:4244
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1948,i,12417248162024821817,17142735539615151715,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1792 --field-trial-handle=1948,i,12417248162024821817,17142735539615151715,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1948,i,12417248162024821817,17142735539615151715,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8680
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1700,i,7578232113674190917,16744263078001337620,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8304
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1700,i,7578232113674190917,16744263078001337620,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:436
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1700,i,7578232113674190917,16744263078001337620,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7216
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2536
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1844,i,12463237133902320998,15165636724496937978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7736
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1844,i,12463237133902320998,15165636724496937978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2788
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,12463237133902320998,15165636724496937978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8292
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:3764
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1860,i,8718243790979662768,15163331564638753567,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5608
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1880 --field-trial-handle=1860,i,8718243790979662768,15163331564638753567,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8068
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2180 --field-trial-handle=1860,i,8718243790979662768,15163331564638753567,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8024
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:2724
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1748,i,12060720800479894479,9641599615123678663,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:976
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1748,i,12060720800479894479,9641599615123678663,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5780
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1748,i,12060720800479894479,9641599615123678663,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8684
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1788,i,9583898206469198078,3570732395823812815,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7056
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=1788,i,9583898206469198078,3570732395823812815,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6908
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2300 --field-trial-handle=1788,i,9583898206469198078,3570732395823812815,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3560
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1724,i,880321696875169188,4741862419389312268,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5260
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1724,i,880321696875169188,4741862419389312268,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2180
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1724,i,880321696875169188,4741862419389312268,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8720
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7436
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,1220041138558539779,12279883615448763983,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8564
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1744,i,1220041138558539779,12279883615448763983,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1744,i,1220041138558539779,12279883615448763983,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7268
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:3364
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1792,i,15158060091092066635,5042991988702371928,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8840
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=1792,i,15158060091092066635,5042991988702371928,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3880
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1792,i,15158060091092066635,5042991988702371928,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6992
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:8804
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1852,i,8708786510594612449,12082848202361306826,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7628
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1852,i,8708786510594612449,12082848202361306826,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6852
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1852,i,8708786510594612449,12082848202361306826,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5184
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3428
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2012,i,17782586591624111461,5193012270314648322,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1864 --field-trial-handle=2012,i,17782586591624111461,5193012270314648322,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=2012,i,17782586591624111461,5193012270314648322,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1416
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:1572
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1692,i,10412490511925874256,11261122913494245015,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7976
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1968 --field-trial-handle=1692,i,10412490511925874256,11261122913494245015,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9144
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2176 --field-trial-handle=1692,i,10412490511925874256,11261122913494245015,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8532
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1956,i,16965085230233041604,17140122299305419133,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7852
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1868 --field-trial-handle=1956,i,16965085230233041604,17140122299305419133,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2428
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2188 --field-trial-handle=1956,i,16965085230233041604,17140122299305419133,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8160
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:1208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1984,i,16435318546661073648,3748306736690144843,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8496
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1876 --field-trial-handle=1984,i,16435318546661073648,3748306736690144843,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1440
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1984,i,16435318546661073648,3748306736690144843,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8100
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:688
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1736,i,5300756458080757716,13548932607038023660,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1736,i,5300756458080757716,13548932607038023660,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2236 --field-trial-handle=1736,i,5300756458080757716,13548932607038023660,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1960

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8284
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7236
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1712,i,16935183867020587,12437636650697936965,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8120
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1712,i,16935183867020587,12437636650697936965,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6896
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2324 --field-trial-handle=1712,i,16935183867020587,12437636650697936965,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5840
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2316
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1748,i,4537507611239843189,15722088369625743050,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5772
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1748,i,4537507611239843189,15722088369625743050,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1748,i,4537507611239843189,15722088369625743050,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7500

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2808
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7364
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1700,i,16664658785865818084,13669633113524280365,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5736
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1700,i,16664658785865818084,13669633113524280365,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8524
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1700,i,16664658785865818084,13669633113524280365,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5848
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6148
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1696,i,9927549909372474533,8233033064521609170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1692
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1696,i,9927549909372474533,8233033064521609170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9024
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1696,i,9927549909372474533,8233033064521609170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2056
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7620
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1756,i,429439136191450124,6678826727168399977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:572
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1756,i,429439136191450124,6678826727168399977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7636
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1756,i,429439136191450124,6678826727168399977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7668
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:5268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1688,i,9027775120765797681,6058583973063785526,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8692
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1688,i,9027775120765797681,6058583973063785526,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2276 --field-trial-handle=1688,i,9027775120765797681,6058583973063785526,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6868
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:768
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1768,i,3108000726609191017,11353524756773512260,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7360
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2028 --field-trial-handle=1768,i,3108000726609191017,11353524756773512260,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1768,i,3108000726609191017,11353524756773512260,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5112
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:2208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1760,i,16513810820394217912,7141896610639874587,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5688
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1760,i,16513810820394217912,7141896610639874587,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6356
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1760,i,16513810820394217912,7141896610639874587,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3056
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7960
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1772,i,12969660332948847589,8244990120450089973,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6852
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1772,i,12969660332948847589,8244990120450089973,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5200
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1772,i,12969660332948847589,8244990120450089973,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4608
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1796,i,3538657174375081492,9854065559411024701,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5892
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1852 --field-trial-handle=1796,i,3538657174375081492,9854065559411024701,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1796,i,3538657174375081492,9854065559411024701,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2980
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1808,i,17471770809718445495,12071901660171814609,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:788
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1928 --field-trial-handle=1808,i,17471770809718445495,12071901660171814609,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1808,i,17471770809718445495,12071901660171814609,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9168

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7968
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6860
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1692,i,6695836117203331740,16865266696190506648,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8760
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2040 --field-trial-handle=1692,i,6695836117203331740,16865266696190506648,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2236 --field-trial-handle=1692,i,6695836117203331740,16865266696190506648,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7500

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4996
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7852
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1864,i,7171579866014652184,6434441164780358984,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1936 --field-trial-handle=1864,i,7171579866014652184,6434441164780358984,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7948
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1864,i,7171579866014652184,6434441164780358984,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7420
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7560
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,9990925984420844444,13902366403820766707,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1744,i,9990925984420844444,13902366403820766707,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1744,i,9990925984420844444,13902366403820766707,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8276
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:1504
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1752,i,14250107411595887460,14931268103407963988,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1336 --field-trial-handle=1752,i,14250107411595887460,14931268103407963988,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8336
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2188 --field-trial-handle=1752,i,14250107411595887460,14931268103407963988,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1584
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:1208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1772,i,3385170470112942375,18300246138459402663,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1772,i,3385170470112942375,18300246138459402663,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1772,i,3385170470112942375,18300246138459402663,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:672
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8400
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1860,i,9148801639695356628,14466559581678705476,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1876 --field-trial-handle=1860,i,9148801639695356628,14466559581678705476,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6880
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1860,i,9148801639695356628,14466559581678705476,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8560
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:8036
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6984
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1764,i,58798909101375404,5606591645102947207,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,58798909101375404,5606591645102947207,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5556
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1764,i,58798909101375404,5606591645102947207,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1692
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7876
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1708,i,15681212529611148603,6138309577280948348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5080
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1708,i,15681212529611148603,6138309577280948348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=1708,i,15681212529611148603,6138309577280948348,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6172
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1708,i,12314335373347678782,14326397421945343977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7380
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1708,i,12314335373347678782,14326397421945343977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2240
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1708,i,12314335373347678782,14326397421945343977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7152
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5272
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1768,i,1186475697485510266,6465249781639888438,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4708
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2036 --field-trial-handle=1768,i,1186475697485510266,6465249781639888438,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8844
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1768,i,1186475697485510266,6465249781639888438,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1116
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8928
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1876,i,18338656366909841621,5886297641107623051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5972
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1880 --field-trial-handle=1876,i,18338656366909841621,5886297641107623051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6928
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,18338656366909841621,5886297641107623051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2284
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8352
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1724,i,1255536622763199970,10091401426221934002,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5028
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1724,i,1255536622763199970,10091401426221934002,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1724,i,1255536622763199970,10091401426221934002,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7004
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7276
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1756,i,1407229744478173527,9413235662247893979,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6476
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1756,i,1407229744478173527,9413235662247893979,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1756,i,1407229744478173527,9413235662247893979,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1432
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:2256
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1852,i,7951817465724838948,4926539009129694307,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8732
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1916 --field-trial-handle=1852,i,7951817465724838948,4926539009129694307,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1852,i,7951817465724838948,4926539009129694307,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5344
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:5884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1788,i,1445577162058469375,11144845584703484290,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7572
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1788,i,1445577162058469375,11144845584703484290,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1788,i,1445577162058469375,11144845584703484290,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2472
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:6668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1716,i,11556350010063173258,10885133529735639674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2240
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1716,i,11556350010063173258,10885133529735639674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8292
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2280 --field-trial-handle=1716,i,11556350010063173258,10885133529735639674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8116
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1696,i,16009041659394807229,15198636081089871179,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1696,i,16009041659394807229,15198636081089871179,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1696,i,16009041659394807229,15198636081089871179,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5608
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:5840
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1756,i,4702690286599710804,9596060282211867274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8936
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1756,i,4702690286599710804,9596060282211867274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7820
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2276 --field-trial-handle=1756,i,4702690286599710804,9596060282211867274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5772
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:1736
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1768,i,5236910395261018852,2989072680438357246,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1888 --field-trial-handle=1768,i,5236910395261018852,2989072680438357246,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1428
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1768,i,5236910395261018852,2989072680438357246,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9036
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:6108
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1840,i,628008103076555041,11630963054275423666,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:776
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2040 --field-trial-handle=1840,i,628008103076555041,11630963054275423666,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8708
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1840,i,628008103076555041,11630963054275423666,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5140
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:4552
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1804,i,2323888569171672249,1333764856759617720,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7848
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1940 --field-trial-handle=1804,i,2323888569171672249,1333764856759617720,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8216
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1804,i,2323888569171672249,1333764856759617720,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5052
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:8568
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=2088,i,3478162349638016720,4679123340583756844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7800
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1856 --field-trial-handle=2088,i,3478162349638016720,4679123340583756844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2080 --field-trial-handle=2088,i,3478162349638016720,4679123340583756844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5380
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8784
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1740,i,9738947549865825568,10681706389273492324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6888
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1740,i,9738947549865825568,10681706389273492324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3280
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2180 --field-trial-handle=1740,i,9738947549865825568,10681706389273492324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1176
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:3508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1868,i,601302659730166948,5333248273399126954,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1888 --field-trial-handle=1868,i,601302659730166948,5333248273399126954,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2236 --field-trial-handle=1868,i,601302659730166948,5333248273399126954,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4652
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:6640
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:4280
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1864,i,11395830090511380354,13670818888540412310,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8536
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1864,i,11395830090511380354,13670818888540412310,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8740
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1864,i,11395830090511380354,13670818888540412310,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7020
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3912
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1796,i,5649501110164207189,12409328658193200718,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8188
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1920 --field-trial-handle=1796,i,5649501110164207189,12409328658193200718,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8180
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1796,i,5649501110164207189,12409328658193200718,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8016
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5884
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7712
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1764,i,3614358436412379394,1750286813871043845,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6636
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1884 --field-trial-handle=1764,i,3614358436412379394,1750286813871043845,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5804
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2316 --field-trial-handle=1764,i,3614358436412379394,1750286813871043845,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6452

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2640
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1884,i,15777805296694999910,15814340314455584261,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1860 --field-trial-handle=1884,i,15777805296694999910,15814340314455584261,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2128 --field-trial-handle=1884,i,15777805296694999910,15814340314455584261,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6952
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7692
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1684,i,2443175083365818098,4877105862496498134,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1708
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1684,i,2443175083365818098,4877105862496498134,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1684,i,2443175083365818098,4877105862496498134,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7048
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6228
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1752,i,11988285596717680594,15368386001313395738,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1752,i,11988285596717680594,15368386001313395738,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1752,i,11988285596717680594,15368386001313395738,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7488
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6880
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1828,i,4253372570866536609,18292072245852187545,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1828,i,4253372570866536609,18292072245852187545,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8468
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1828,i,4253372570866536609,18292072245852187545,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3116
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8352
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1976,i,13356221726325730289,7958051240821395636,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9212
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,13356221726325730289,7958051240821395636,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7500
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2100 --field-trial-handle=1976,i,13356221726325730289,7958051240821395636,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7656
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6248
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1664,i,7977362202062491360,12433560169558682696,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1664,i,7977362202062491360,12433560169558682696,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1664,i,7977362202062491360,12433560169558682696,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8480
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6348
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1960,i,11186425166395314444,7198418207779192380,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1884 --field-trial-handle=1960,i,11186425166395314444,7198418207779192380,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8272
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2172 --field-trial-handle=1960,i,11186425166395314444,7198418207779192380,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2904
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:2684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1716,i,17782267788894523993,14597814087262550808,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7524
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1716,i,17782267788894523993,14597814087262550808,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8516
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2280 --field-trial-handle=1716,i,17782267788894523993,14597814087262550808,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6932
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:8084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1792,i,10584867475370515850,6795876552818754097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1912 --field-trial-handle=1792,i,10584867475370515850,6795876552818754097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1792,i,10584867475370515850,6795876552818754097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8616
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:5676
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1808,i,7909889680120600763,12489285564779354654,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1916 --field-trial-handle=1808,i,7909889680120600763,12489285564779354654,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2068
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1808,i,7909889680120600763,12489285564779354654,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5868

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6916
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:4552
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1876,i,14116551549954822376,17035463414966043326,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4276
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1876,i,14116551549954822376,17035463414966043326,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1876,i,14116551549954822376,17035463414966043326,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7840
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8912
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1436 --field-trial-handle=1684,i,13744902038365027476,10757189828961764507,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5308
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1684,i,13744902038365027476,10757189828961764507,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8304
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1684,i,13744902038365027476,10757189828961764507,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5984
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8128
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1724,i,13817893094129072736,16502020737299014013,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7032
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1724,i,13817893094129072736,16502020737299014013,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5532
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1724,i,13817893094129072736,16502020737299014013,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4460
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5444
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1756,i,8517505931561155356,2163192093070694387,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1756,i,8517505931561155356,2163192093070694387,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8732
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=1756,i,8517505931561155356,2163192093070694387,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4608
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:4396
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1752,i,4130747003008621880,116529920061246060,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1752,i,4130747003008621880,116529920061246060,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6860
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1752,i,4130747003008621880,116529920061246060,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1428
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:2364
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1688,i,11823561871451863466,8815432876715101704,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1688,i,11823561871451863466,8815432876715101704,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6204
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1688,i,11823561871451863466,8815432876715101704,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6604
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5068
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1764,i,9589586601955550070,5694226399564828940,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5872
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,9589586601955550070,5694226399564828940,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1764,i,9589586601955550070,5694226399564828940,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6536
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:6348
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=2028,i,11954718854353175231,9181613789947475454,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6864
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1856 --field-trial-handle=2028,i,11954718854353175231,9181613789947475454,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1712
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2112 --field-trial-handle=2028,i,11954718854353175231,9181613789947475454,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8820
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:5528
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,1925809061189856710,7283277325883290700,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5816
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2028 --field-trial-handle=1744,i,1925809061189856710,7283277325883290700,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,1925809061189856710,7283277325883290700,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4652
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:8304
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1860,i,2941946702327894050,4609545768871087869,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=1860,i,2941946702327894050,4609545768871087869,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:920
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1860,i,2941946702327894050,4609545768871087869,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7868
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1736,i,735179771634146000,18187908480833976262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:380
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1900 --field-trial-handle=1736,i,735179771634146000,18187908480833976262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3024
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2176 --field-trial-handle=1736,i,735179771634146000,18187908480833976262,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4136
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3808
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1732,i,477020483620090281,16257872026599225143,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9212
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1732,i,477020483620090281,16257872026599225143,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2372
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1732,i,477020483620090281,16257872026599225143,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7328
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1200
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1692,i,14192268553388916985,13191448541472576927,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5056
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1692,i,14192268553388916985,13191448541472576927,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1692,i,14192268553388916985,13191448541472576927,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6740
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2696
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1848,i,17717144819645804214,2250519526425936655,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1916 --field-trial-handle=1848,i,17717144819645804214,2250519526425936655,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1848,i,17717144819645804214,2250519526425936655,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8532
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:9168
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1752,i,11683770620720692147,9987047320587608756,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7772
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2040 --field-trial-handle=1752,i,11683770620720692147,9987047320587608756,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5128
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2276 --field-trial-handle=1752,i,11683770620720692147,9987047320587608756,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4532
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7496
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1772,i,6415604060627889725,2165866591012917802,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1772,i,6415604060627889725,2165866591012917802,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1772,i,6415604060627889725,2165866591012917802,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8740
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:5780
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1764,i,7957303692187279584,6982175502801388034,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1912 --field-trial-handle=1764,i,7957303692187279584,6982175502801388034,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1764,i,7957303692187279584,6982175502801388034,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7200
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1744,i,5602522841233038380,14528921111511865006,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1744,i,5602522841233038380,14528921111511865006,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8664
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2180 --field-trial-handle=1744,i,5602522841233038380,14528921111511865006,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2784
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1520
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1692,i,3795906970166960596,985377387139014482,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8320
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1692,i,3795906970166960596,985377387139014482,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7672
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1692,i,3795906970166960596,985377387139014482,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2724
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:3024
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8180
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1756,i,6922737291157210973,9714154202388161284,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5844
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1868 --field-trial-handle=1756,i,6922737291157210973,9714154202388161284,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6844
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1756,i,6922737291157210973,9714154202388161284,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5536
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:4796
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1784,i,11425891169508619343,5769057323682990978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8300
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1784,i,11425891169508619343,5769057323682990978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6776
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2236 --field-trial-handle=1784,i,11425891169508619343,5769057323682990978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8420
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7620
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1812,i,6031195481128071003,13246478615528117428,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1860 --field-trial-handle=1812,i,6031195481128071003,13246478615528117428,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9120
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1812,i,6031195481128071003,13246478615528117428,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7836
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5544
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1744,i,13340928991782223558,8260255173164525536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1992 --field-trial-handle=1744,i,13340928991782223558,8260255173164525536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2276 --field-trial-handle=1744,i,13340928991782223558,8260255173164525536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1188
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5972
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:1360
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1680,i,3112358660936158901,8283705191406273621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1680,i,3112358660936158901,8283705191406273621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7388
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1680,i,3112358660936158901,8283705191406273621,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7616
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:4480
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1748,i,3944280124619197936,9284923887667075763,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1748,i,3944280124619197936,9284923887667075763,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=1748,i,3944280124619197936,9284923887667075763,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8844
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8648
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:5596
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1748,i,12070471407952446099,12744273339588651592,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1748,i,12070471407952446099,12744273339588651592,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4532
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1748,i,12070471407952446099,12744273339588651592,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1996
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5704
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1756,i,7717153060099211447,11747727168150125643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1756,i,7717153060099211447,11747727168150125643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6488
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1756,i,7717153060099211447,11747727168150125643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7660
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:9076
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1784,i,6041601510303881735,17518336175555686606,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7740
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1928 --field-trial-handle=1784,i,6041601510303881735,17518336175555686606,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1784,i,6041601510303881735,17518336175555686606,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5872
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:5000
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1492 --field-trial-handle=1744,i,9731139391804991963,2892180496926337360,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1744,i,9731139391804991963,2892180496926337360,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2084 --field-trial-handle=1744,i,9731139391804991963,2892180496926337360,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7312
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:8188
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1752,i,383811268413304374,17825469450387700367,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1752,i,383811268413304374,17825469450387700367,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1752,i,383811268413304374,17825469450387700367,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2992
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:2076
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1716,i,2084897980178824915,3785496850152556198,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2036 --field-trial-handle=1716,i,2084897980178824915,3785496850152556198,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8112
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=1716,i,2084897980178824915,3785496850152556198,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2696
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6008
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1740,i,2069136753253324821,11257828069237696911,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2680
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1740,i,2069136753253324821,11257828069237696911,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8340
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1740,i,2069136753253324821,11257828069237696911,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8568
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7096
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1696,i,5796026199929969125,11476521195744550985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4132
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1696,i,5796026199929969125,11476521195744550985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1696,i,5796026199929969125,11476521195744550985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7344
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6200
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1876,i,10990332059118795944,5188430895745826879,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6248
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1928 --field-trial-handle=1876,i,10990332059118795944,5188430895745826879,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1876,i,10990332059118795944,5188430895745826879,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8444
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:4932
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1812,i,12046209730191213890,3572676284800653886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1920 --field-trial-handle=1812,i,12046209730191213890,3572676284800653886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5032
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,12046209730191213890,3572676284800653886,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5100
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:4396
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3564
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1764,i,16631601973041255974,10278754717178081858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6216
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1764,i,16631601973041255974,10278754717178081858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1764,i,16631601973041255974,10278754717178081858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3456
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,9815701437006103577,9512582596837708001,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1744,i,9815701437006103577,9512582596837708001,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8076
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1744,i,9815701437006103577,9512582596837708001,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8796
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:6108
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1752,i,6408916394283226699,1185231623292220532,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7548
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1752,i,6408916394283226699,1185231623292220532,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7600
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1752,i,6408916394283226699,1185231623292220532,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9076
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8692
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1824,i,2724049273588399888,9009169155529126667,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4656
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1900 --field-trial-handle=1824,i,2724049273588399888,9009169155529126667,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8356
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1824,i,2724049273588399888,9009169155529126667,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9068
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8488
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1704,i,17791208600703174958,7959194212620325898,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7628
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1704,i,17791208600703174958,7959194212620325898,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1704,i,17791208600703174958,7959194212620325898,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3216
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5360
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1820,i,11983251658187363230,8427617311413614394,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6836
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1820,i,11983251658187363230,8427617311413614394,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9024
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1820,i,11983251658187363230,8427617311413614394,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8316
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:1708
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1752,i,13583961660127115677,4513989412566200078,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5996
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1924 --field-trial-handle=1752,i,13583961660127115677,4513989412566200078,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1752,i,13583961660127115677,4513989412566200078,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6240
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:4784
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1812,i,8743372676045365456,10018070766611689844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7680
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1812,i,8743372676045365456,10018070766611689844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2280 --field-trial-handle=1812,i,8743372676045365456,10018070766611689844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4532
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2528
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1692,i,1628659173674893970,15747591720623393148,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9212
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1692,i,1628659173674893970,15747591720623393148,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2304 --field-trial-handle=1692,i,1628659173674893970,15747591720623393148,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7520
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8260
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1772,i,10456323681660953308,14963820173918872097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9040
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1888 --field-trial-handle=1772,i,10456323681660953308,14963820173918872097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7476
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1772,i,10456323681660953308,14963820173918872097,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8324

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8444
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:2676
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1768,i,16686363563116556700,12806706227884217569,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1068
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1768,i,16686363563116556700,12806706227884217569,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7112
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1768,i,16686363563116556700,12806706227884217569,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6204
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6604
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1716,i,1371428143001053522,9323609384507819504,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1716,i,1371428143001053522,9323609384507819504,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1716,i,1371428143001053522,9323609384507819504,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8448
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:948
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1764,i,13235128144676405724,15655166911793202697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6912
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1864 --field-trial-handle=1764,i,13235128144676405724,15655166911793202697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2800
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2088 --field-trial-handle=1764,i,13235128144676405724,15655166911793202697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7132
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:1208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1816,i,9954513598345225685,10111694085489207061,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1896 --field-trial-handle=1816,i,9954513598345225685,10111694085489207061,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2188 --field-trial-handle=1816,i,9954513598345225685,10111694085489207061,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6640
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:2036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1760,i,1426521907947705054,12792444615255572700,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1760,i,1426521907947705054,12792444615255572700,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1760,i,1426521907947705054,12792444615255572700,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3936
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5052
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1732,i,3797669298759186349,5228789362798552912,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9152
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1732,i,3797669298759186349,5228789362798552912,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5236
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1732,i,3797669298759186349,5228789362798552912,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6012
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:8748
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1780,i,14654150401304538648,1277055109528872690,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8264
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1780,i,14654150401304538648,1277055109528872690,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5792
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1780,i,14654150401304538648,1277055109528872690,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7476
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6116
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1740,i,9958067359704563566,9096409685458742016,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7220
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1740,i,9958067359704563566,9096409685458742016,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8944
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1740,i,9958067359704563566,9096409685458742016,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3044
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7764
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1752,i,17803583822268297207,12341055619023638500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7596
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1920 --field-trial-handle=1752,i,17803583822268297207,12341055619023638500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1752,i,17803583822268297207,12341055619023638500,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7860
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1912
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1756,i,9144893721822953020,12300382447415490146,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3572
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1756,i,9144893721822953020,12300382447415490146,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1056
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2276 --field-trial-handle=1756,i,9144893721822953020,12300382447415490146,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7012
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5068
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:4912
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1708,i,14490660494199766127,7010832621095879037,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5688
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2028 --field-trial-handle=1708,i,14490660494199766127,7010832621095879037,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1708,i,14490660494199766127,7010832621095879037,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5252

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8732
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5544
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2980
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1824,i,7491714488083054421,11257948206507612764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5488
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1824,i,7491714488083054421,11257948206507612764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,7491714488083054421,11257948206507612764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6704
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6228
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1712,i,8395499709127119916,2859933305886125458,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1976 --field-trial-handle=1712,i,8395499709127119916,2859933305886125458,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2156 --field-trial-handle=1712,i,8395499709127119916,2859933305886125458,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3800
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:880
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1748,i,16377019008457021434,2706292185083834064,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6272
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1748,i,16377019008457021434,2706292185083834064,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2180 --field-trial-handle=1748,i,16377019008457021434,2706292185083834064,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7500
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7344
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1720,i,14004245536010456899,61325919266445978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2080
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2040 --field-trial-handle=1720,i,14004245536010456899,61325919266445978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7200
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1720,i,14004245536010456899,61325919266445978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2788
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7092
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1840,i,16371560710165488424,558651500050833249,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4720
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1916 --field-trial-handle=1840,i,16371560710165488424,558651500050833249,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1840,i,16371560710165488424,558651500050833249,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6160
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:9016
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1724,i,7990850401973866403,7419270988032654938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1724,i,7990850401973866403,7419270988032654938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1724,i,7990850401973866403,7419270988032654938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8532
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:2840
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1764,i,18331301493857692724,3361101244219408709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1932 --field-trial-handle=1764,i,18331301493857692724,3361101244219408709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7992
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1764,i,18331301493857692724,3361101244219408709,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8696
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:5432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1788,i,9814137005487742830,13974998019832617995,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1788,i,9814137005487742830,13974998019832617995,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6008
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1788,i,9814137005487742830,13974998019832617995,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:324
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:7956
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:8972
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1848,i,6425662331538717047,6222001479143533633,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4456
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1900 --field-trial-handle=1848,i,6425662331538717047,6222001479143533633,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7308
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2312 --field-trial-handle=1848,i,6425662331538717047,6222001479143533633,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3376
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:9156
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1768,i,6433665159694446903,10270086810405482746,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2248
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1916 --field-trial-handle=1768,i,6433665159694446903,10270086810405482746,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,6433665159694446903,10270086810405482746,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1100
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:6684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1684,i,14389901699454822104,3701041424485249109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8324
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2028 --field-trial-handle=1684,i,14389901699454822104,3701041424485249109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7584
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1684,i,14389901699454822104,3701041424485249109,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5300
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:3592
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1684,i,15045573342355673996,13599474519198347810,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3596
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1684,i,15045573342355673996,13599474519198347810,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1684,i,15045573342355673996,13599474519198347810,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6868

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7856
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:7600
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7988
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1844,i,13365560473468244278,9636869793491187381,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7820
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1932 --field-trial-handle=1844,i,13365560473468244278,9636869793491187381,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3264
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1844,i,13365560473468244278,9636869793491187381,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6236
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:2340
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1760,i,12012798524789061147,6164391005610695378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1760,i,12012798524789061147,6164391005610695378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8108
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1760,i,12012798524789061147,6164391005610695378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5932
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6776
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1724,i,7869135303330152057,14006471299319388801,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1724,i,7869135303330152057,14006471299319388801,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1724,i,7869135303330152057,14006471299319388801,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5124
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:200
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1804,i,14832335345174236928,818219486620926497,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1952 --field-trial-handle=1804,i,14832335345174236928,818219486620926497,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9032
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1804,i,14832335345174236928,818219486620926497,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7112
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2532
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1640,i,6124212215610502189,7664142194191837796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8444
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1640,i,6124212215610502189,7664142194191837796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5872
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2288 --field-trial-handle=1640,i,6124212215610502189,7664142194191837796,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8412
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:1360
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:3808
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1788,i,17179389554121542271,1379021945433487744,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1876 --field-trial-handle=1788,i,17179389554121542271,1379021945433487744,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1428
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2264 --field-trial-handle=1788,i,17179389554121542271,1379021945433487744,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5744
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:8944
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8364
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=2044,i,751676308311414227,231601489190500730,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6816
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1852 --field-trial-handle=2044,i,751676308311414227,231601489190500730,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2104 --field-trial-handle=2044,i,751676308311414227,231601489190500730,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7312
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3760
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1712,i,8780308545732200516,15251102032187386734,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7844
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1888 --field-trial-handle=1712,i,8780308545732200516,15251102032187386734,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6380
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2288 --field-trial-handle=1712,i,8780308545732200516,15251102032187386734,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7572
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:1432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1780,i,11984207224099279639,16947839227980167162,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1896 --field-trial-handle=1780,i,11984207224099279639,16947839227980167162,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1780,i,11984207224099279639,16947839227980167162,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8732
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1752,i,13891682507793237753,7318420647583361638,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1752,i,13891682507793237753,7318420647583361638,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6056
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1752,i,13891682507793237753,7318420647583361638,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:484
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5488
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8728
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1944,i,16624220229686304726,553643673103432211,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9160
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=1944,i,16624220229686304726,553643673103432211,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6728
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,16624220229686304726,553643673103432211,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5916
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7832
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1864,i,2204657881681670514,17944566402106606037,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8352
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1868 --field-trial-handle=1864,i,2204657881681670514,17944566402106606037,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,2204657881681670514,17944566402106606037,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7288
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8632
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1748,i,4852804637443838561,8721627091201719048,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1748,i,4852804637443838561,8721627091201719048,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5496
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1748,i,4852804637443838561,8721627091201719048,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1440
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3284
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1720,i,10797514298399383740,5290766650806821728,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6528
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1720,i,10797514298399383740,5290766650806821728,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6604
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1720,i,10797514298399383740,5290766650806821728,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:840
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5328
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1708,i,16990836396649811457,1742080414611308432,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1708,i,16990836396649811457,1742080414611308432,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2236 --field-trial-handle=1708,i,16990836396649811457,1742080414611308432,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6640
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:6912
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7964
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1704,i,14877729696818776227,4574754791781040600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5300
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2028 --field-trial-handle=1704,i,14877729696818776227,4574754791781040600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5248
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1704,i,14877729696818776227,4574754791781040600,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8500

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5960
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:3592
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:740
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1780,i,8055138357349050764,17880128365748302550,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1520
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1780,i,8055138357349050764,17880128365748302550,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6064
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1780,i,8055138357349050764,17880128365748302550,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7020

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8836
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:3060
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1720,i,15228967937748946133,7438544505328478056,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5768
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2028 --field-trial-handle=1720,i,15228967937748946133,7438544505328478056,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1720,i,15228967937748946133,7438544505328478056,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2348
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6532
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1792,i,13917842664376253045,14909551043762299045,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5144
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1900 --field-trial-handle=1792,i,13917842664376253045,14909551043762299045,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7080
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2288 --field-trial-handle=1792,i,13917842664376253045,14909551043762299045,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4608
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:5932
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1696,i,879864996918234409,12358367165684393770,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4720
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1976 --field-trial-handle=1696,i,879864996918234409,12358367165684393770,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2312 --field-trial-handle=1696,i,879864996918234409,12358367165684393770,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7076
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:4588
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1780,i,3226473734519004498,2847634262972575217,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7316
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1928 --field-trial-handle=1780,i,3226473734519004498,2847634262972575217,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1780,i,3226473734519004498,2847634262972575217,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7732

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7232
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:5516
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1676,i,13114055397365914911,2774654314391457744,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1676,i,13114055397365914911,2774654314391457744,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1676,i,13114055397365914911,2774654314391457744,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8064
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1860,i,537941030255323917,11448923034051051183,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1860,i,537941030255323917,11448923034051051183,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5248
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2280 --field-trial-handle=1860,i,537941030255323917,11448923034051051183,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8096
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:568
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1764,i,371203244561778540,15744624383813853390,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=1764,i,371203244561778540,15744624383813853390,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1764,i,371203244561778540,15744624383813853390,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8304
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s50w9h92.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
0980b7baa6e5f4cc56a5e2e9dd62609e

SHA1
158cc3a8a61474192c2a0fe3d336984dbf1e1ea5

SHA256
e75593e9c3eeeda89496daf2c7da11527d5f44b42eea9cdf4f96545ce5a91584

SHA512
1f69c5b78ed1830b31cb48f7a13fb2d124ec50c2956bffa596beee640284905a305d053019de593b9ad1d83d065f33b1f81c0dec3fcf4029becab119f6ee81b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
d6876fefe3ce2bd4f9863257188c5a8c

SHA1
1ff37d41a1fedc111395962823e0fc51b3e6424c

SHA256
3c822ca7388e4b1b2b584d9bb65f2ab5576c24d150f63de469f96abbb549b4f5

SHA512
ae55923820a839aa2e33d9456b40ad7206764ed3b3b8d02c5823c8222be175185009c405de5522aa3a2e3e42bd480f44ad852be7b1e1228ea712ad5b27fcd45b

Download Submit
C:\Users\Admin\AppData\Local\Temp\763924a3-e00c-4a73-9a6c-42c0925e0890.tmp.node

Filesize
2.2MB

MD5
d4d4556d90276bc091ec53366a7b893d

SHA1
81be395f58241ac117fdf6b2a87d2a5f9e2fca3f

SHA256
dadb2fc7fa9f6a8691661a90d5b1ab80f4091c1b8a5becf1959a977e8aca025a

SHA512
14d439520c958e00505b74c8a584ef56b0384d73346b7a67710e4f55e06ac5c06dcfd3d0f3cb9fbb978ed0b8dc42af4a9916fe8f6d619bf06cffc839b071c0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\discord_icon.png

Filesize
564B

MD5
9354bc445e979c2de9b9eedd9b7c8318

SHA1
8dc3e8fdcad0fcdad1fe19b0b94b676e8846affd

SHA256
c29b35c6be50f9e34f1120bd346ce01884f0c7ba1121c866d95b24e46e420b0c

SHA512
ad13f6bf46dd8cb48a030e720c1c577a22b0d3dec794ae807aa482474fe6c2bead7fc63dd45983fb3ab82034d74d4f10b6d9967d4ff677d2226c6c18ee03a4d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\BlueStacksInstaller.exe

Filesize
640KB

MD5
2fc654d065a0f2645a7972ac74972a6b

SHA1
72174f16770bc9dfc4e3c6c5f00adb4c5e4d9fcf

SHA256
20867e8ce9366157f9bc446a25753c2c51263c8461127c0f8fa03cbc17cfe8ef

SHA512
7b4389bfc4bb7039f4339657467acd52f03271a509ea086726b586541fb70b8603cf002605cc035f7737e049a26c66909d175ddfff3422ea9d85475d4d35a20f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\Locales\i18n.en-US.txt

Filesize
20KB

MD5
79d436afe9c464c2bda947ef8638a901

SHA1
1a88066c6199a96d25eb226e1b8d331ca3857445

SHA256
a071a131f25ee434a540911c35788ff1fa57494b57920f3075270d09c5f10d31

SHA512
d1d5db0d0a8886b4b9a2cbfc66ff0aec9287a365ead9e0dc13579628e88f88073a6aa31391b38d57d752c825416da69949520ccadcd943708f3a49d6de60c0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4A5426A7\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\Assets\discord_icon_click.png

Filesize
512B

MD5
c11cc6a9edff1694a71584413dd47dfd

SHA1
3b84fbfab8b53db95e8fb1b409193624fc8359dd

SHA256
6b126c8a7015c2274e6a2ac969e0f31ecae421e1652b446b2aafd2b03d0dc3f5

SHA512
bdf3ff3a1b8022521cba870334b11bd9c877b84bf134fc4710f0c9e8fe3703a2604915a24ae6738a3099b7e80f0f5a8d9b161c74fc36ee217e05581d88d728ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84191DF8\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_1.jpg

Filesize
30KB

MD5
efb63876389c300433587a29ce85f258

SHA1
8eb00659e003a934c8538b6e5a2be65ea097e5c9

SHA256
873030e34515538dac3efb98edec519596439fa05b7aad37f6137ca954ba41a6

SHA512
3c4a935f949e70199333889ba54870930858e54bf2ee0ac2a27f814710264ae30c474c4cd9e59835cc9bdc9da8c7eb25b963f02ee34767b3738f43988084059d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfDE8A.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfDE8A.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfDE8A.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfDE8A.tmp\nsDui.dll

Filesize
3.0MB

MD5
28cf872eb908ce4a1e19f1dbae815a26

SHA1
d094ada9307cace1091dca4b9f686fb11653322d

SHA256
e705ae9280f92cbfc648d15fb7e25e0805ad85e4f3d3356c997b1820dd0053f6

SHA512
387839d00b4b5ded0a53e140949ee1df7c7b711daa221d7ac67c0985197ca7b0adfd7a10732d016ba4b23b7d4f7939af8d8f9caad3c8d38b3901f370bb2e73a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfDE8A.tmp\nsis7z.dll

Filesize
434KB

MD5
95f6f6ab9509bc366ab9215defe4251a

SHA1
e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b

SHA256
a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50

SHA512
a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC7B1.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC7B1.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC7B1.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC7B1.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC7B1.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC7B1.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
89bc88b0e45355c54c1b3e02ed79635c

SHA1
e68a38e8a9da12db9a547a5ede5ca4ee49cd383e

SHA256
7929da0b2e4b0aad1b97434456d181fd679bb8fbec25be0cc562a57c17139229

SHA512
34586b23f6fe8698b49365e18df7b0cd76ccdb4e5a3e77fa5afd1b882cda4afb41a8d20620d55f46d1ed0bea222d3b3bc3deb35ff893831465d23c87dd7efd5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
d5cae899f89570608c18403fe2437fea

SHA1
be5677769290e8be6f7437c4650944c88b938e5d

SHA256
b27b349e72f1b758983b1c10143390bc858ef62cd660e8581ae7e23b800ea834

SHA512
8590afeb67c0f3dddd1f05c390a74a2c0e2acd560788ca43b515adf58334c2d756310c8b1efd467671dc5b334b58388808734f47869caa3793864e6a672c5908

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\0e5a97fe-5a03-478a-bd28-5b0a67ecda4c

Filesize
235B

MD5
00b36f71048b33560121a897eade83b0

SHA1
ae7e4397bd52f3a11268f9362cc1b6fecbc6104e

SHA256
5b377de37770d2809efdce12a0a3a7cd45289fdc624c9f005a24b266d693c81a

SHA512
60fc7da28cd1bb490cc6f3c090f13059070f52d9d2f0730c7fcc153446c4b5e8981fe51e01d32a3eefec72d50b662410c5db9a160d92d674f3b2f3f934b99092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\297bcb97-a24b-4945-9211-2574928cd665

Filesize
883B

MD5
d010ceb02fbc83cf56fba03f5fe74213

SHA1
9a38b1639b8bd56c4f8ccdcc2001cc86f35cc5d6

SHA256
589d7013d8818dbc59b83212198eb358a148320717757207d1376e87f4613e63

SHA512
a72c3987bbcca8596c0dd2224b077efe6a9b686ef9bf6fa4d1c932f0d4a8a0561e9753060ae83e0e5f2973d37c6640e647ca2d2eebe735123862ee385aad27e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\3cab25ff-b0dc-4854-9416-b0a491ba8da5

Filesize
886B

MD5
0e923bccc1fb9a33ba8a3c09758afae1

SHA1
5eda3c06bda4bcef21f007383f2090c1508bc14a

SHA256
70df4226246cef93393a32e47f880d18616072ae8d5dceb45d2a9d7ebe630fcd

SHA512
34497ead3cb834f19a92944866a0216f7255f185caab1fc2cfe469c8ef3cee1f97c4982eeb1dc8c100a5c96b048cb58daee15c875011dd25309c6d4843a220db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\826ca552-1ebf-43d9-b6c4-3de115bdcc1d

Filesize
235B

MD5
03d058d590895e3a9b33b91efdccd3c6

SHA1
c134237a6ecbd10b86c2acff3af1b028e7651a18

SHA256
81aaddd87de332e681ba95997f023c80f623afd5e434e85a6c32bbf23855f361

SHA512
9b291d2a08af9b3abd89da35332078a83aab631c0f74e83705a5fab6d47153b847e0c6a29592e916fe90fe74c9b6a2d3673e3569e7de8a277cb447f66366062d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\b4084701-1221-4ad7-8ba4-beb12fe97638

Filesize
2KB

MD5
46febd673e29d869d880e87d7f949884

SHA1
b2038248973212d965a530419c909cac6ad0f9ce

SHA256
0a701f2b4029928c7a2e4a2bc6cefbbc51434041959e34f00854a241c5c7247e

SHA512
09f2f77624d68d7bc7cde7b605506f14c1b143c22effe9a5b0915dcd5736cbe14e0a51c129050b0abaf38289877e7ffe605e82e11bb6b415ec0dd96f12958c88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\datareporting\glean\pending_pings\cb65734b-612c-4afa-965a-4feb2dbad86a

Filesize
17KB

MD5
493a0af324f2096a335f7ef71d24022f

SHA1
ac6cd752acb124af11bb4c112491075e130f70b8

SHA256
6443ea1d55ca2e42da7eacde52a02ad5d1885be60cf0cd85109647fb46bd8e74

SHA512
e802858e7f1dd57dbb5066ae45daa1c2762814f05e7527931bfd6245db2349badf8dc69eb212b735bf3671e7c93daf2a172407157bd33fb3acffa6f7b1d304a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\prefs-1.js

Filesize
6KB

MD5
1e931cd3f7b90e5ecd2c787cad65c123

SHA1
a63a31ba15fc68585f2dba281ee6f2e1de2e09df

SHA256
afb29ff5731438dae9eced0f1116d7fcc4d3aa115b7302cd9202782406fa1d80

SHA512
b16d3d93a0b0991f8bf5e35fc3198cbdc7c8a3d91e216b737db7cb0ab1783460dd481662c8f9ff5adafe4b32db6eb710eb2d52228e8bbefc82618e860c5c0ce0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s50w9h92.default-release\prefs.js

Filesize
6KB

MD5
15602dbc15eb232e921750af2ab931bb

SHA1
84ba8d83b4b273e76564b4d46ccd790b48c02868

SHA256
fa8da56d1dbefdae2881ec3cf338c50f13dd315fd786bbb11ad4809cc09023f8

SHA512
fbf645ddda5ae1875773879a20e909b3b2745edb875608347c383ebde59a8e3440f50d2b448ca02aab66b0a08a74c198be8119fd37bf5a60a20545c3f45238cf

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Local State

Filesize
389B

MD5
6492586c39f208c135878fe1be4e47c5

SHA1
ae749e150eb80ca39f8470517b6d5f86f8e970d5

SHA256
9fc2fac79b85e3ec4d9253d9f437d25ca7c6c1fd870688856e046a4c560d4f01

SHA512
b333cc471b663eb11c95481cc717ec32a880e73eeb7f0a369d9f71a1302bcaeae5faa4f9501ade6a82515f069c3c2c011ffe92cd6af28465381214d89faaa2b6

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
493B

MD5
af94eaeb616967ad05bd80c1b38261b5

SHA1
7c4b8e56686e9e3150cbbbe7d7dc9dc7ada45807

SHA256
2eeb0100da4950bf9c3f49b647d1e303a18ebf2a2639c27ef10b2ea574f15c11

SHA512
55bec05956b6aa08fc48e48c8c2de1c8cab90f1eb0adecf63140886d00006d7d4af1436dde6fbf84f78585037c4f35b2dcbed46c2d737e7042bcbded6b3842cb

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\ff0d78dd-032c-4fa8-a1ad-6a8e37dfad3c.tmp

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\cc922cf6-3529-4874-a2da-29a4d0787e6e.tmp

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
3108588803d279d7f62d00b497cce88d

SHA1
3c8f1e0973810989696e53a5808d6a073d0da625

SHA256
a10b062ae01ae5bdd3032bfc853cdfbe714802d3f9c823fcaba47da873c2a8f6

SHA512
5da4a760920204035c6faf5ae39f94b87dfb67d44e57dd9355b971f7e3879bdeb893c987eeab686174236915815debcb49b873be42721ccc6273afd04bf34845

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-3158716994e5aa9d

Filesize
92B

MD5
11a87974309221c874100f7d4197e741

SHA1
bc31d63e59c831a9d02db9f6b371820f177a9cc7

SHA256
508ccb1645882e76500ffa56a5d7d41ce970d0fb0b503ceabbd19f7cdb897eef

SHA512
ec33d7047b650bebba25245a73bbd8fb551fc148ab9019d7bdde7a9891b74a4a21a32480b6e3e375effe98133656eae8b7fcc5f122d48def3b0ace7df4030f49

Download Submit
C:\Windows\System32\storage.json

Filesize
51B

MD5
aa9ab927f7bc1bc84ada9519e58f9650

SHA1
a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4

SHA256
3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094

SHA512
b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

Download Submit
memory/2744-9385-0x00007FFF48950000-0x00007FFF48951000-memory.dmp

Filesize
4KB

Download
memory/2744-9386-0x00007FFF47A50000-0x00007FFF47A51000-memory.dmp

Filesize
4KB

Download
memory/5340-139-0x00007FFF284B0000-0x00007FFF28F72000-memory.dmp

Filesize
10.8MB

Download
memory/5340-157-0x000000001B0C0000-0x000000001B0C8000-memory.dmp

Filesize
32KB

Download
memory/5340-134-0x000000001B320000-0x000000001B388000-memory.dmp

Filesize
416KB

Download
memory/5340-132-0x0000000000390000-0x0000000000432000-memory.dmp

Filesize
648KB

Download
memory/5340-168-0x00007FFF284B3000-0x00007FFF284B5000-memory.dmp

Filesize
8KB

Download
memory/5340-130-0x00007FFF284B3000-0x00007FFF284B5000-memory.dmp

Filesize
8KB

Download
memory/5340-13994-0x00007FFF284B0000-0x00007FFF28F72000-memory.dmp

Filesize
10.8MB

Download
memory/5340-146-0x000000001BC80000-0x000000001BCB8000-memory.dmp

Filesize
224KB

Download
memory/5340-135-0x00007FFF284B0000-0x00007FFF28F72000-memory.dmp

Filesize
10.8MB

Download
memory/5340-144-0x000000001C930000-0x000000001CE58000-memory.dmp

Filesize
5.2MB

Download
memory/5340-141-0x00007FFF284B0000-0x00007FFF28F72000-memory.dmp

Filesize
10.8MB

Download
memory/5340-147-0x000000001BC50000-0x000000001BC5E000-memory.dmp

Filesize
56KB

Download
memory/5340-170-0x00007FFF284B0000-0x00007FFF28F72000-memory.dmp

Filesize
10.8MB

Download
memory/5340-169-0x00007FFF284B0000-0x00007FFF28F72000-memory.dmp

Filesize
10.8MB

Download
memory/5540-8980-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download