b68804b0a0b8c8b09bb156f630ca71aeff435f493aaea99a24f2139c501a1fab

Analysis

max time kernel
587s
max time network
643s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 20:38

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Bully تعريب لعبة/ملف التعريب/SilentPatchBully.dll
Size

113KB
MD5

c854c8c64d7b398b1547b949edb062c7
SHA1

4e29e8ab68a45c39e4347fb715b8a341654cf609
SHA256

190e1a3d3eafc7d6d30a489d45e7b38265baed52966382f509017d3fc0e51c0a
SHA512

b9c0535503847e01b2b282d29f773682b80209196651aa65207dd7364b55cb5be6c4b90e63829072090ab9804448250ef2572512adb1013d6168ea26f2118f82
SSDEEP

3072:g4JNjeuSfd00Iy/xTH6rCHxna7/uuLU6CooaksfNgI/77d+P4V8:hNjcfdB/56mdINHV

Score

9^/10

defense_evasion discovery execution persistence privilege_escalation ransomware

Malware Config

Signatures

Renames multiple (95) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Downloads MZ/PE file 3 IoCs

flow	pid	Process
230	4328	BlueStacksInstaller.exe
230	4328	BlueStacksInstaller.exe
219	3192	chrome.exe

Modifies Windows Firewall 2 TTPs 8 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
8940	netsh.exe
9128	netsh.exe
10428	netsh.exe
6908	netsh.exe
4848	netsh.exe
11052	netsh.exe
6372	netsh.exe
8008	netsh.exe

Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 64 IoCs

pid	Process
5304	BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
4328	BlueStacksInstaller.exe
3200	HD-CheckCpu.exe
1700	HD-CheckCpu.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
8532	BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
428	Bootstrapper.exe
2964	BlueStacksInstaller.exe
5944	7zr.exe
9372	HD-ForceGPU.exe
9336	HD-GLCheck.exe
9448	HD-GLCheck.exe
9508	HD-GLCheck.exe
9576	HD-GLCheck.exe
9636	HD-GLCheck.exe
9712	HD-GLCheck.exe
9772	HD-CheckCpu.exe
9816	7zr.exe
9744	BlueStacksServicesSetup.exe
7536	BlueStacksServices.exe
7812	BlueStacksServices.exe
7892	BlueStacksServices.exe
7932	BlueStacksServices.exe
10992	BlueStacksServices.exe
10988	BlueStacksServices.exe
10956	BlueStacksServices.exe
10800	BlueStacksServices.exe
10696	BlueStacksServices.exe
8044	BlueStacksServices.exe
3472	BlueStacksServices.exe
5700	BlueStacksServices.exe
9592	BlueStacksServices.exe
9588	BlueStacksServices.exe
9536	BlueStacksServices.exe
9964	7zr.exe
10128	BlueStacksServices.exe
6296	7zr.exe
6552	BlueStacksServices.exe
6548	BlueStacksServices.exe
6524	BlueStacksServices.exe
6972	BlueStacksServices.exe
7164	BlueStacksServices.exe
920	BlueStacksServices.exe
1868	BlueStacksServices.exe
2956	BlueStacksServices.exe
10176	BlueStacksServices.exe
7644	BlueStacksServices.exe
6064	BlueStacksServices.exe
7204	BlueStacksServices.exe
7432	BlueStacksServices.exe
7648	BlueStacksServices.exe
8060	BlueStacksServices.exe
9024	BlueStacksServices.exe
6652	BlueStacksServices.exe
8176	BlueStacksServices.exe
11008	BlueStacksServices.exe
1160	BlueStacksServices.exe
10320	BlueStacksServices.exe
8996	BlueStacksServices.exe
8956	BlueStacksServices.exe
9520	BlueStacksServices.exe
9124	BlueStacksServices.exe
10124	BlueStacksServices.exe
10020	BlueStacksServices.exe

Loads dropped DLL 64 IoCs

pid	Process
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\D:	BlueStacksInstaller.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\storage.json	BlueStacksServices.exe
File opened for modification	C:\Windows\system32\storage.json	BlueStacksServices.exe

Enumerates processes with tasklist 1 TTPs 49 IoCs

discovery

Process Discovery

T1057

pid	Process
8508	tasklist.exe
9460	tasklist.exe
9624	tasklist.exe
7900	tasklist.exe
4900	tasklist.exe
1996	tasklist.exe
9720	tasklist.exe
6232	tasklist.exe
9096	tasklist.exe
7968	tasklist.exe
6960	tasklist.exe
6336	tasklist.exe
11820	tasklist.exe
8144	tasklist.exe
9512	tasklist.exe
10376	tasklist.exe
2188	tasklist.exe
9356	tasklist.exe
6572	tasklist.exe
10360	tasklist.exe
10652	tasklist.exe
8004	tasklist.exe
10544	tasklist.exe
7176	tasklist.exe
8176	tasklist.exe
7556	tasklist.exe
9908	tasklist.exe
6448	tasklist.exe
7196	tasklist.exe
5392	tasklist.exe
10524	tasklist.exe
6564	tasklist.exe
10200	tasklist.exe
3620	tasklist.exe
6352	tasklist.exe
9036	tasklist.exe
10308	tasklist.exe
10376	tasklist.exe
2824	tasklist.exe
7100	tasklist.exe
13008	tasklist.exe
12096	tasklist.exe
10040	tasklist.exe
6264	tasklist.exe
3388	tasklist.exe
3420	tasklist.exe
10988	tasklist.exe
10184	tasklist.exe
3232	tasklist.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\BlueStacks X\family	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\meta_engine	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\next_enable.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\NowBuxUser\Caret Right-Hover.png	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-utility-l1-1-0.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liberase_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\concrt140.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Setting_on.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ja.pak	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_wav_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_output\libdirectdraw_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\CloudGame.svg	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\access\libhttps_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\settings\remove_disabled.svg	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sv.pak	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\www\js\utils.js	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\position\qtposition_positionpoll.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\checkBox\uncheck_normal.svg	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\settings\setting_logo.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\access\libhttp_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libchorus_flanger_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\BG.png	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\HD-Common.dll	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\language\id.qm	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\BlueStacks5.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\pre_hover.svg	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\kn.pak	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qt_cs.qm	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\mux\libmux_wav_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\BstkSVC.exe	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\Qt\labs\platform\qmldir	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt6MultimediaQuick.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\next_hover.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Default.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qt_gd.qm	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qt_lv.qm	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\BstkDDU.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libaraw_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Search\mini_and.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak	7zr.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\GoldCoins_Left.gif	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libyuvp_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt6QuickControls2BasicStyleImpl.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\muti.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\AndroidGame.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fi.pak	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libgain_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libscaletempo_pitch_plugin.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-c-auth.dll	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\NowBuxUser\Caret Right-Hover.svg	BSX-Setup-5.22.51.1038_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-heap-l1-1-0.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\lua	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\Shadow_under_those_cards.png	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\Qt5SerialPort.dll	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\HD-Vdes-Service.dll	7zr.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Qt5Compat\GraphicalEffects	7zr.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\close_hover.svg	BSX-Setup-5.22.51.1038_nxt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\localization\index.js	BSX-Setup-5.22.51.1038_nxt.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
11456	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Event Triggered Execution: Netsh Helper DLL 1 TTPs 24 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1084	2816	WerFault.exe	167

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksServicesSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BSX-Setup-5.22.51.1038_nxt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks processor information in registry 2 TTPs 40 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876679779024737"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings	BSX-Setup-5.22.51.1038_nxt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\	BSX-Setup-5.22.51.1038_nxt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol	BSX-Setup-5.22.51.1038_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell	BSX-Setup-5.22.51.1038_nxt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\URL Protocol	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler"	BSX-Setup-5.22.51.1038_nxt.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\ = "URL:bstsrvs"	BlueStacksServices.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
2772	WINWORD.EXE
2772	WINWORD.EXE
6100	EXCEL.EXE
2092	vlc.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
5776	chrome.exe
5776	chrome.exe
564	chrome.exe
564	chrome.exe
4328	BlueStacksInstaller.exe
4328	BlueStacksInstaller.exe
4328	BlueStacksInstaller.exe
4328	BlueStacksInstaller.exe
4328	BlueStacksInstaller.exe
4328	BlueStacksInstaller.exe
4328	BlueStacksInstaller.exe
564	chrome.exe
564	chrome.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
4192	BSX-Setup-5.22.51.1038_nxt.exe
8284	chrome.exe
8284	chrome.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
428	Bootstrapper.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
2964	BlueStacksInstaller.exe
9744	BlueStacksServicesSetup.exe
9744	BlueStacksServicesSetup.exe
10040	tasklist.exe
10040	tasklist.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6112	osk.exe
2092	vlc.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
2584	chrome.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
2092	vlc.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
7536	BlueStacksServices.exe
7536	BlueStacksServices.exe
7536	BlueStacksServices.exe
7536	BlueStacksServices.exe
7536	BlueStacksServices.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
6112	osk.exe
6112	osk.exe
6112	osk.exe
6112	osk.exe
6112	osk.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
6112	osk.exe
6112	osk.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe
3688	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5400 wrote to memory of 4584	5400	rundll32.exe	78
PID 5400 wrote to memory of 4584	5400	rundll32.exe	78
PID 5400 wrote to memory of 4584	5400	rundll32.exe	78
PID 2584 wrote to memory of 2156	2584	chrome.exe	82
PID 2584 wrote to memory of 2156	2584	chrome.exe	82
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 3644	2584	chrome.exe	83
PID 2584 wrote to memory of 4952	2584	chrome.exe	84
PID 2584 wrote to memory of 4952	2584	chrome.exe	84
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85
PID 2584 wrote to memory of 5020	2584	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bully تعريب لعبة\ملف التعريب\SilentPatchBully.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bully تعريب لعبة\ملف التعريب\SilentPatchBully.dll",#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf914dcf8,0x7ffcf914dd04,0x7ffcf914dd10
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1932,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1436,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2260 /prefetch:11
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2396,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2372 /prefetch:13
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4172,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4208 /prefetch:9
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4660,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5276,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5200 /prefetch:14
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5496,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5516 /prefetch:14
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5300,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5556 /prefetch:14
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5516,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5288 /prefetch:14
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5820 /prefetch:14
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5604,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5552 /prefetch:14
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5340 /prefetch:14
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5772,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5328 /prefetch:14
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5804,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5704 /prefetch:14
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4288,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5800 /prefetch:9
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4168,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5876,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6056,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6136,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6156 /prefetch:9
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6064,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6084,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6100,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5792 /prefetch:9
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6120,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6724,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6844 /prefetch:14
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6916,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6624,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7212,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7320,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7356,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6256,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7608,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6864,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7744,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6044,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5284 /prefetch:14
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5812,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5284 /prefetch:14
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7664,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6192 /prefetch:14
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6524,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4696 /prefetch:14
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6072,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6536 /prefetch:14
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7532,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=7348 /prefetch:9
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6748,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=7524,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5832 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6104,i,6219278110042496968,14882441570537365679,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6540 /prefetch:14
  2⤵
  PID:4604

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1712
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1980 -prefsLen 27097 -prefMapHandle 1984 -prefMapSize 270279 -ipcHandle 2060 -initialChannelId {a05214b1-989d-43e1-b6d5-173f0f37a557} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:5292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2424 -prefsLen 27133 -prefMapHandle 2428 -prefMapSize 270279 -ipcHandle 2436 -initialChannelId {6b0cf98c-f6f3-4f88-9369-082d38ea113d} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3772 -prefsLen 27274 -prefMapHandle 3752 -prefMapSize 270279 -jsInitHandle 3812 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3820 -initialChannelId {ddad2df1-bfb1-4477-8f45-00a3be533999} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3968 -prefsLen 27274 -prefMapHandle 3972 -prefMapSize 270279 -ipcHandle 4048 -initialChannelId {a79ac3f7-6527-49e2-8d48-13e7c7b24ee1} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3176 -prefsLen 34773 -prefMapHandle 3068 -prefMapSize 270279 -jsInitHandle 3076 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2792 -initialChannelId {6ccb2b35-b321-4379-b3e3-0b6939201cc7} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4788 -prefsLen 34822 -prefMapHandle 4900 -prefMapSize 270279 -ipcHandle 4872 -initialChannelId {5eac533e-40e3-4eb4-9578-35e14410c9a5} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:2928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5532 -prefsLen 32952 -prefMapHandle 5536 -prefMapSize 270279 -jsInitHandle 5540 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1536 -initialChannelId {6858acf0-3282-4aa2-aa60-f106e50184ef} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5700 -prefsLen 32952 -prefMapHandle 5704 -prefMapSize 270279 -jsInitHandle 5708 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5716 -initialChannelId {616aac0d-0514-454f-a1e6-a440251d25cd} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5888 -prefsLen 32952 -prefMapHandle 5892 -prefMapSize 270279 -jsInitHandle 5896 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5904 -initialChannelId {51126c72-85e3-42ef-b4da-e49bb251a3fb} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6352 -prefsLen 33031 -prefMapHandle 6356 -prefMapSize 270279 -jsInitHandle 6360 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5864 -initialChannelId {8eabee77-7f55-4e45-b0c7-092f4a6b8e1d} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6548 -prefsLen 33031 -prefMapHandle 6552 -prefMapSize 270279 -jsInitHandle 6556 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6568 -initialChannelId {eee42921-3020-4078-a215-cd2b7e90d426} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:5844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 1 -prefsHandle 6820 -prefsLen 35141 -prefMapHandle 5904 -prefMapSize 270279 -ipcHandle 6844 -initialChannelId {46fcd5cd-8072-4f5e-a414-c6dec26dbfc6} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 utility
    3⤵
    - Checks processor information in registry
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7008 -prefsLen 33031 -prefMapHandle 1692 -prefMapSize 270279 -jsInitHandle 6124 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7152 -initialChannelId {0a958dca-347d-430c-b64c-14ae872070be} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    - Checks processor information in registry
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2892 -prefsLen 33081 -prefMapHandle 5952 -prefMapSize 270279 -jsInitHandle 5940 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6504 -initialChannelId {072e7b76-6f22-43ee-b79f-a8b4d3423756} -parentPid 3688 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3688" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:2964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5792

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4208

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1048

C:\Windows\System32\ATBroker.exe
C:\Windows\System32\ATBroker.exe /start osk
1⤵
PID:2832
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
PID:2792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4784

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SubmitCopy.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:2772

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\FormatSkip.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:6100

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RemoveSync.mpeg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2092

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2816
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1368
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    PID:2260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 2232
  2⤵
  - Program crash
  PID:1084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2828

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2816 -ip 2816
1⤵
PID:4700

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf914dcf8,0x7ffcf914dd04,0x7ffcf914dd10
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1724,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2100 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2072,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2384 /prefetch:13
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5136,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5168 /prefetch:14
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5372,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5384 /prefetch:14
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5556,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5748,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5900,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5892 /prefetch:14
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4528 /prefetch:14
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=216,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5904 /prefetch:14
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5724,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3320,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6108,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6292,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=6344 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3568
- C:\Users\Admin\Downloads\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
  "C:\Users\Admin\Downloads\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5304
- - C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\BlueStacksInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\BlueStacksInstaller.exe"
    3⤵
    - Downloads MZ/PE file
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious behavior: EnumeratesProcesses
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\HD-CheckCpu.exe" --cmd checkHypervEnabled
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\HD-CheckCpu.exe" --cmd checkSSE4
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1700
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.22.51.1038_nxt.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.22.51.1038_nxt.exe" -s
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:4192
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10928
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11008
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:11052
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:6372
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:8008
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:8940
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe" -versionMachineID=7c513b62-6ba4-452b-92e1-285b0fb4ab4f -machineID=e11aae36-fb2f-40ef-a628-6ce25bdf2d63 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.42.51.1001 -country=GB -isWalletFeatureEnabled -discordUrl=https://discord.gg/UnXV7taVs4
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\7zS4510369F\Bootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\Bootstrapper.exe" -versionMachineID=7c513b62-6ba4-452b-92e1-285b0fb4ab4f -machineID=e11aae36-fb2f-40ef-a628-6ce25bdf2d63 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.42.51.1001 -country=GB -isWalletFeatureEnabled -discordUrl=https://discord.gg/UnXV7taVs4
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\7zS4510369F\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\BlueStacksInstaller.exe" -versionMachineID="7c513b62-6ba4-452b-92e1-285b0fb4ab4f" -machineID="e11aae36-fb2f-40ef-a628-6ce25bdf2d63" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bs5" -bsxVersion="10.42.51.1001" -country="GB" -isWalletFeatureEnabled -discordUrl="https://discord.gg/UnXV7taVs4" -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.22.51.1038_native_986eba4b2c9892e4d98f19ce6d58619a_MzsxNSwwOzUsMTsxNSw0OzE1LDU7MTU=.exe" -md5=986eba4b2c9892e4d98f19ce6d58619a -app64=
        6⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS4510369F\" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        7⤵
        Executes dropped EXE
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe" 1 2
        7⤵
        Executes dropped EXE
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe" 4 2
        7⤵
        Executes dropped EXE
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe" 2 2
        7⤵
        Executes dropped EXE
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe" 1 1
        7⤵
        Executes dropped EXE
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe" 4 1
        7⤵
        Executes dropped EXE
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe" 2 1
        7⤵
        Executes dropped EXE
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-CheckCpu.exe" --cmd checkSSE4
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe" x "C:\ProgramData\Pie64_5.22.51.1038.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\\HD-GLCheck.exe" 2
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\\HD-GLCheck.exe" 3
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\\HD-GLCheck.exe" 1
        7⤵
        
        PID:10720
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:9128
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:10428
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:6908
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-CheckCpu.exe" --cmd checkSSE3
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        7⤵
        
        PID:8452
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        8⤵
        Launches sc.exe
        
        PID:11456
        
        C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\3gud0y51.4i0\RegHKLM.txt"
        7⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS4510369F\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\3gud0y51.4i0\*"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=valid_cert_update&oem=nxt&locale=en-US&guid=e11aae36-fb2f-40ef-a628-6ce25bdf2d63&image_name=Pie64
        7⤵
        
        PID:8856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=valid_cert_update&oem=nxt&locale=en-US&guid=e11aae36-fb2f-40ef-a628-6ce25bdf2d63&image_name=Pie64
        8⤵
        
        PID:12612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x250,0x7ffcd694f208,0x7ffcd694f214,0x7ffcd694f220
        9⤵
        
        PID:12096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1864,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:2
        9⤵
        
        PID:11412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11
        9⤵
        
        PID:6816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1876,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:13
        9⤵
        
        PID:4816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
        9⤵
        
        PID:6852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
        9⤵
        
        PID:11856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4772,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:12
        9⤵
        
        PID:5884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4916,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:14
        9⤵
        
        PID:2064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:14
        9⤵
        
        PID:4384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:14
        9⤵
        
        PID:11008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:14
        9⤵
        
        PID:9508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:14
        9⤵
        
        PID:8032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:14
        9⤵
        
        PID:11688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1140
        10⤵
        
        PID:9424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:14
        9⤵
        
        PID:9052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6344,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:14
        9⤵
        
        PID:6544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6184,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:14
        9⤵
        
        PID:4020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:14
        9⤵
        
        PID:12656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5392,i,17629989536678938858,11125548115000919067,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:14
        9⤵
        
        PID:12852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6420,i,3090823009699190633,4226229605207440444,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=7040 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8284

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5212

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:9744
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9996
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:10040
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10072

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SendNotifyMessage
PID:7536
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1704,i,2409421860194909287,11619404010360814272,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:7812
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:7824
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1960 --field-trial-handle=1704,i,2409421860194909287,11619404010360814272,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:7892
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:10268
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:3952
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:5784
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:9604
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6336
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2532 --field-trial-handle=1704,i,2409421860194909287,11619404010360814272,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:7164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9620
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9660
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6264
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:9720
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:9708
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:6744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6848
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6800
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8888
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8876
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7968
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8044
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7644
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10580
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9248
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7020
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8280
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:388
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:11496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9788
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:11404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:11416
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9256
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8380
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:11820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6616
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8220
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8612
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10520
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10464
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:12096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6768
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:12116
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:11404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6636
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6260
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3568
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10408
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3108
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7724
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1008
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9316
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9608
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8016
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:13008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:12588
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6192
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8488
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5392
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1704,i,2409421860194909287,11619404010360814272,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:6648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10224
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:11640
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:1996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6588
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10032
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7428
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:892
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10308

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7724
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  PID:7932
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1812,i,6682946733022374907,3639096489839430860,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:10992
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1812,i,6682946733022374907,3639096489839430860,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:10988
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1812,i,6682946733022374907,3639096489839430860,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:10956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10508
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  PID:10800
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1980,i,10034406391296573058,36524893025157170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:10696
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1792 --field-trial-handle=1980,i,10034406391296573058,36524893025157170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:8044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2304 --field-trial-handle=1980,i,10034406391296573058,36524893025157170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:3472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8152
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:5700
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=2024,i,2439704483683625001,8797433767150301215,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:9536
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1808 --field-trial-handle=2024,i,2439704483683625001,8797433767150301215,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:9592
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=2024,i,2439704483683625001,8797433767150301215,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:9588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2512
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:10128
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=2056,i,2988500284638291529,17286155593551233889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:6552
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=2056,i,2988500284638291529,17286155593551233889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:6548
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2364 --field-trial-handle=2056,i,2988500284638291529,17286155593551233889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:6524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6684
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  PID:6972
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1996,i,9536299538206505832,2748096487700846562,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:920
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1792 --field-trial-handle=1996,i,9536299538206505832,2748096487700846562,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1868
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2072 --field-trial-handle=1996,i,9536299538206505832,2748096487700846562,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:2956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2344
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:10176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=2008,i,6180987165919462782,3830621155098611991,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:7644
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1792 --field-trial-handle=2008,i,6180987165919462782,3830621155098611991,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:6064
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1960 --field-trial-handle=2008,i,6180987165919462782,3830621155098611991,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:7204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6428
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  PID:7432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1332,i,8009722830041029052,4160583899655464978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:7648
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=1332,i,8009722830041029052,4160583899655464978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:8060
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2032 --field-trial-handle=1332,i,8009722830041029052,4160583899655464978,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:9024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10732
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  PID:6652
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=2044,i,1652845150083708181,17860678240691161532,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:8176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=2044,i,1652845150083708181,17860678240691161532,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:11008
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2176 --field-trial-handle=2044,i,1652845150083708181,17860678240691161532,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8328
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  PID:10320
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1996,i,6631795784857896000,1592836486015094303,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:8996
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1852 --field-trial-handle=1996,i,6631795784857896000,1592836486015094303,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:8956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2328 --field-trial-handle=1996,i,6631795784857896000,1592836486015094303,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:9520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8364
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  PID:9124
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1332,i,17943844766132632182,5768857954680496713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:10124
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1792 --field-trial-handle=1332,i,17943844766132632182,5768857954680496713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:10020
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1960 --field-trial-handle=1332,i,17943844766132632182,5768857954680496713,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10236

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8808
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6792
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=2052,i,843231179771532754,12854543639719633515,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7320
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1792 --field-trial-handle=2052,i,843231179771532754,12854543639719633515,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7300
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=2052,i,843231179771532754,12854543639719633515,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6480
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:3956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=2084,i,17434426015893059048,15887523790437242537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5612
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=2084,i,17434426015893059048,15887523790437242537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5276
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2032 --field-trial-handle=2084,i,17434426015893059048,15887523790437242537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2372
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:8932
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1636,i,6915851871961824240,15814864366347374613,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1980 --field-trial-handle=1636,i,6915851871961824240,15814864366347374613,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10084
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2168 --field-trial-handle=1636,i,6915851871961824240,15814864366347374613,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9976
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:10220
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1668,i,136180931063563279,14127377516655324115,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1992 --field-trial-handle=1668,i,136180931063563279,14127377516655324115,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11064
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1668,i,136180931063563279,14127377516655324115,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7400
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:10676
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1976,i,4383035269026758172,2215994879339517513,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9960
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1860 --field-trial-handle=1976,i,4383035269026758172,2215994879339517513,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10156
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1976,i,4383035269026758172,2215994879339517513,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9648
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:10292
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1436 --field-trial-handle=1756,i,15238299085727799198,4173492107090433250,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4468
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1756,i,15238299085727799198,4173492107090433250,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2188 --field-trial-handle=1756,i,15238299085727799198,4173492107090433250,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2968
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1740,i,12707070503748149295,10148782181537577988,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1740,i,12707070503748149295,10148782181537577988,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1740,i,12707070503748149295,10148782181537577988,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1256
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6612
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1716,i,4201102080455784514,10141921670365068974,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10596
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1716,i,4201102080455784514,10141921670365068974,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1716,i,4201102080455784514,10141921670365068974,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7368
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:11040
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1752,i,15490647524735013076,3030387477246831027,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8816
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1752,i,15490647524735013076,3030387477246831027,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3360
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1752,i,15490647524735013076,3030387477246831027,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5324
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:9476
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1780,i,17555481217267789202,12074056105867197457,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7200
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1992 --field-trial-handle=1780,i,17555481217267789202,12074056105867197457,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2172 --field-trial-handle=1780,i,17555481217267789202,12074056105867197457,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8812
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1832,i,11800778924408293446,203984420750165823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=1832,i,11800778924408293446,203984420750165823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9812
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,11800778924408293446,203984420750165823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7196
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:11496
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1836,i,17628313675514008610,18430262154842203959,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1912 --field-trial-handle=1836,i,17628313675514008610,18430262154842203959,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11872
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1836,i,17628313675514008610,18430262154842203959,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11760
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:12204
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1980,i,2554714932563052291,15009083679513805634,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11716
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=1980,i,2554714932563052291,15009083679513805634,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8468
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2320 --field-trial-handle=1980,i,2554714932563052291,15009083679513805634,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11620
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:11936
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1744,i,2097516915018154994,4076372457061486350,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11512
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1744,i,2097516915018154994,4076372457061486350,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9724
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2296 --field-trial-handle=1744,i,2097516915018154994,4076372457061486350,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11476
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1772,i,14590126701029266127,18255096868659205074,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8020
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1868 --field-trial-handle=1772,i,14590126701029266127,18255096868659205074,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2040 --field-trial-handle=1772,i,14590126701029266127,18255096868659205074,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9172
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:6664
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1756,i,11724967386437610607,9724383944544083046,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1756,i,11724967386437610607,9724383944544083046,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9864
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1756,i,11724967386437610607,9724383944544083046,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6180

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3944
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7024
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1724,i,15618362272404454656,9255337044366872295,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10028
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1724,i,15618362272404454656,9255337044366872295,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6980
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1724,i,15618362272404454656,9255337044366872295,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7096
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:10172
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,12280645579801864811,2014668838467197432,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6656
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1744,i,12280645579801864811,2014668838467197432,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10416
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1744,i,12280645579801864811,2014668838467197432,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2576
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1756,i,14121664274521366512,5137177582179837844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11088
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1756,i,14121664274521366512,5137177582179837844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10928
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1756,i,14121664274521366512,5137177582179837844,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10772
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7460
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1716,i,3817951740935392045,1097020882181223068,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1716,i,3817951740935392045,1097020882181223068,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4224
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1716,i,3817951740935392045,1097020882181223068,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12256
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:1536
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1744,i,12541183279122301107,16067597825695198497,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7928
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1744,i,12541183279122301107,16067597825695198497,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2276 --field-trial-handle=1744,i,12541183279122301107,16067597825695198497,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8008
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:12212
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1748,i,11578574598161700277,18048608685547769829,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1748,i,11578574598161700277,18048608685547769829,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6164
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1748,i,11578574598161700277,18048608685547769829,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:3444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8440
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:3392
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1764,i,935268858123467995,15843372795224440395,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5732
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1784 --field-trial-handle=1764,i,935268858123467995,15843372795224440395,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:12088
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2176 --field-trial-handle=1764,i,935268858123467995,15843372795224440395,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:5280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1488
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:11848
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1768,i,1789267261138679934,16571332181381768508,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5512
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1900 --field-trial-handle=1768,i,1789267261138679934,16571332181381768508,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11156
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1768,i,1789267261138679934,16571332181381768508,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:568
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:9284
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=2020,i,10806302511701260720,3638102699861591042,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1848 --field-trial-handle=2020,i,10806302511701260720,3638102699861591042,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2084 --field-trial-handle=2020,i,10806302511701260720,3638102699861591042,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11164

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:744
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:9408
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1652,i,3667411869068991039,10606748759537577194,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8152
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1652,i,3667411869068991039,10606748759537577194,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1208
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1652,i,3667411869068991039,10606748759537577194,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6360
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7836
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1800,i,15608513867226723542,8332276723587729917,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10100
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1800,i,15608513867226723542,8332276723587729917,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2180 --field-trial-handle=1800,i,15608513867226723542,8332276723587729917,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10916
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:12172
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1656,i,17449697194584883294,12507920226530683450,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10864
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1992 --field-trial-handle=1656,i,17449697194584883294,12507920226530683450,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6604
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1656,i,17449697194584883294,12507920226530683450,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10528
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:8604
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1812,i,14203902767145883902,9224784030340064577,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9780
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1812,i,14203902767145883902,9224784030340064577,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2332 --field-trial-handle=1812,i,14203902767145883902,9224784030340064577,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1788
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:9384
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1724,i,9704454946328391202,17179158579917410332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1724,i,9704454946328391202,17179158579917410332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7724
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1724,i,9704454946328391202,17179158579917410332,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7600
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1672
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1768,i,4381481925126670267,330853165920642961,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8500
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1768,i,4381481925126670267,330853165920642961,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2176 --field-trial-handle=1768,i,4381481925126670267,330853165920642961,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9000
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7244
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1748,i,17984912374482062031,1240540175659388903,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7108
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1748,i,17984912374482062031,1240540175659388903,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9260
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2288 --field-trial-handle=1748,i,17984912374482062031,1240540175659388903,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4108
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:11044
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:10704
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1980,i,12018086565246319188,10716854261834612480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8732
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1816 --field-trial-handle=1980,i,12018086565246319188,10716854261834612480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9460
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1980,i,12018086565246319188,10716854261834612480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9500

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6420
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:11936
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1720,i,2433089311391797774,8713005587876326111,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1980 --field-trial-handle=1720,i,2433089311391797774,8713005587876326111,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6972
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2168 --field-trial-handle=1720,i,2433089311391797774,8713005587876326111,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6304
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:10100
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:11604
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1752,i,5463596464645756410,2245861715804036474,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6476
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1752,i,5463596464645756410,2245861715804036474,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1752,i,5463596464645756410,2245861715804036474,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:1488
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6584
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1716,i,1484781872205804770,10657061301623741058,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11024
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1716,i,1484781872205804770,10657061301623741058,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8568
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2268 --field-trial-handle=1716,i,1484781872205804770,10657061301623741058,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4788
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:10336
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1744,i,7018491433535874404,4164293503717378477,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7324
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1744,i,7018491433535874404,4164293503717378477,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11672
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1744,i,7018491433535874404,4164293503717378477,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6612
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:12260
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1648,i,10427080498011012519,6766443426926346896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1648,i,10427080498011012519,6766443426926346896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9628
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2188 --field-trial-handle=1648,i,10427080498011012519,6766443426926346896,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9808
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:10708
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1744,i,11482028389466673111,12756472248453493519,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11916
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1900 --field-trial-handle=1744,i,11482028389466673111,12756472248453493519,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2256 --field-trial-handle=1744,i,11482028389466673111,12756472248453493519,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4112
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:3640
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1772,i,6212234663622574940,4759876934746644477,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1896 --field-trial-handle=1772,i,6212234663622574940,4759876934746644477,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2060 --field-trial-handle=1772,i,6212234663622574940,4759876934746644477,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11808
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:11728
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1724,i,14979986117749954789,2886036958932359504,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11860
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1724,i,14979986117749954789,2886036958932359504,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6148
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2208 --field-trial-handle=1724,i,14979986117749954789,2886036958932359504,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3456
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7388
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1940,i,2605724255232021289,3185805610598778664,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7096
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1832 --field-trial-handle=1940,i,2605724255232021289,3185805610598778664,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:920
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1940,i,2605724255232021289,3185805610598778664,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9124
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:10824
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1408 --field-trial-handle=1728,i,2821922271908284453,15783836258061472970,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5708
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1728,i,2821922271908284453,15783836258061472970,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11964
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2168 --field-trial-handle=1728,i,2821922271908284453,15783836258061472970,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2492
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7612
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1724,i,8039150411745739862,9126883456071212795,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10544
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1724,i,8039150411745739862,9126883456071212795,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10780
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1724,i,8039150411745739862,9126883456071212795,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10480
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:8036
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1752,i,9721550491746942654,3645944797503391573,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1752,i,9721550491746942654,3645944797503391573,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5140
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1752,i,9721550491746942654,3645944797503391573,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:772
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:9520
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,2419986675703675813,4737001261927023415,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1984 --field-trial-handle=1744,i,2419986675703675813,4737001261927023415,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5804
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1744,i,2419986675703675813,4737001261927023415,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5000
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:6800
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1768,i,10394536705889650777,2599668445568552170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6264
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1768,i,10394536705889650777,2599668445568552170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8612
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1768,i,10394536705889650777,2599668445568552170,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2304
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:9940
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1696,i,14416038222490033971,6719755952657922825,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7624
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1696,i,14416038222490033971,6719755952657922825,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6472
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2152 --field-trial-handle=1696,i,14416038222490033971,6719755952657922825,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11560
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1728,i,12836968614719298930,1681242397514038674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8280
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1728,i,12836968614719298930,1681242397514038674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9852
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2292 --field-trial-handle=1728,i,12836968614719298930,1681242397514038674,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10408
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7736
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1784,i,6585742253901306836,9125863411640280681,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1904 --field-trial-handle=1784,i,6585742253901306836,9125863411640280681,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1784,i,6585742253901306836,9125863411640280681,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6948
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7384
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1756,i,3583464195891299886,11964815436618788002,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7012
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1756,i,3583464195891299886,11964815436618788002,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6468
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1756,i,3583464195891299886,11964815436618788002,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11952
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:8916
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1740,i,13847664049510919583,7835002584231376783,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7312
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1988 --field-trial-handle=1740,i,13847664049510919583,7835002584231376783,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5700
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1740,i,13847664049510919583,7835002584231376783,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8668
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:11028
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1756,i,14052725833377886909,1968971834275165158,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10072
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1756,i,14052725833377886909,1968971834275165158,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1756,i,14052725833377886909,1968971834275165158,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11892
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1780,i,2203762212329967616,3846436575455873146,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9008
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1780,i,2203762212329967616,3846436575455873146,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9712
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2236 --field-trial-handle=1780,i,2203762212329967616,3846436575455873146,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7568
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:3168
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1752,i,5852783129283740497,3177458718994988816,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9124
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1752,i,5852783129283740497,3177458718994988816,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9268
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2120 --field-trial-handle=1752,i,5852783129283740497,3177458718994988816,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2672
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:7464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1716,i,18308071955423760493,8179263028750670513,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11560
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1980 --field-trial-handle=1716,i,18308071955423760493,8179263028750670513,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11816
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1716,i,18308071955423760493,8179263028750670513,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6956
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:9856
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1780,i,16357424371283040307,8283282727630866802,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11280
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1780,i,16357424371283040307,8283282727630866802,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8616
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1780,i,16357424371283040307,8283282727630866802,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1360

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6788
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:7692
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1764,i,10627470553915238198,18363512553944497720,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1764,i,10627470553915238198,18363512553944497720,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7644
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2280 --field-trial-handle=1764,i,10627470553915238198,18363512553944497720,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2180
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:10904
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2060,i,17584379150956580040,9197556252476902045,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6224
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1868 --field-trial-handle=2060,i,17584379150956580040,9197556252476902045,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=2060,i,17584379150956580040,9197556252476902045,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:9384
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:5136
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1740,i,3071730631201665398,743574683897772247,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8592
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1884 --field-trial-handle=1740,i,3071730631201665398,743574683897772247,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1740,i,3071730631201665398,743574683897772247,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:4676
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:6508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1736,i,328505968035233319,11516321274736621675,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:12040
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=1736,i,328505968035233319,11516321274736621675,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9624
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2156 --field-trial-handle=1736,i,328505968035233319,11516321274736621675,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8160
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:5804
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1804,i,12480808767490168267,3409528284875450932,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6880
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1880 --field-trial-handle=1804,i,12480808767490168267,3409528284875450932,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1804,i,12480808767490168267,3409528284875450932,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10796
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:10192
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,3032223517019392620,9387328543789165344,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5884
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1744,i,3032223517019392620,9387328543789165344,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6684
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2132 --field-trial-handle=1744,i,3032223517019392620,9387328543789165344,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6496
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:3476
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1728,i,9555340282992486521,16916593765614775053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6324
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2000 --field-trial-handle=1728,i,9555340282992486521,16916593765614775053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1728,i,9555340282992486521,16916593765614775053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8992
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:11420
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1760,i,5472729202737042556,2617443020246778985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6872
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=1760,i,5472729202737042556,2617443020246778985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5604
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2056 --field-trial-handle=1760,i,5472729202737042556,2617443020246778985,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8172
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:4184
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1784,i,12174887465916466962,5591455826366454112,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1908 --field-trial-handle=1784,i,12174887465916466962,5591455826366454112,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1784,i,12174887465916466962,5591455826366454112,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6288
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:9540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1748,i,15705585207654489665,6892236401168181971,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9284
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1748,i,15705585207654489665,6892236401168181971,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2188 --field-trial-handle=1748,i,15705585207654489665,6892236401168181971,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11692
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:6600
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1844,i,3230610864998514877,5376035895620389710,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1888 --field-trial-handle=1844,i,3230610864998514877,5376035895620389710,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2304 --field-trial-handle=1844,i,3230610864998514877,5376035895620389710,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:11820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12056
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:12184
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=2120,i,5253752437937891881,11038835013800110386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5504
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1804 --field-trial-handle=2120,i,5253752437937891881,11038835013800110386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9800
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=2120,i,5253752437937891881,11038835013800110386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12208
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:9108
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1740,i,3106517431566371666,3900825722662060299,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11088
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1768 --field-trial-handle=1740,i,3106517431566371666,3900825722662060299,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2156 --field-trial-handle=1740,i,3106517431566371666,3900825722662060299,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6416
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:6724
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1800,i,3741691618088794305,10423681854846086728,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11140
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1892 --field-trial-handle=1800,i,3741691618088794305,10423681854846086728,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1800,i,3741691618088794305,10423681854846086728,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11060
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:11624
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1736,i,16733275739825318577,4471981386059368341,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1992 --field-trial-handle=1736,i,16733275739825318577,4471981386059368341,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8644
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1736,i,16733275739825318577,4471981386059368341,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6064
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1256
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1692,i,8641702938798465038,12594556002020993740,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11448
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1988 --field-trial-handle=1692,i,8641702938798465038,12594556002020993740,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2184 --field-trial-handle=1692,i,8641702938798465038,12594556002020993740,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5116
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:8184
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1976,i,18387886713368011034,8763680029612895419,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:6344
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,18387886713368011034,8763680029612895419,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9496
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2076 --field-trial-handle=1976,i,18387886713368011034,8763680029612895419,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2760
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:1464
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:9040
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1752,i,15463585116749828177,11185356541558219205,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1752,i,15463585116749828177,11185356541558219205,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5388
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,15463585116749828177,11185356541558219205,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:9668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:5212
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:10616
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2108,i,13961365812253275828,13625326399265277846,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11696
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1872 --field-trial-handle=2108,i,13961365812253275828,13625326399265277846,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:9432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2032 --field-trial-handle=2108,i,13961365812253275828,13625326399265277846,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10672
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:7508
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=2008,i,8711156731266417889,9476096486362682797,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7904
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1840 --field-trial-handle=2008,i,8711156731266417889,9476096486362682797,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10140
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2320 --field-trial-handle=2008,i,8711156731266417889,9476096486362682797,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6364
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:7432
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=2004,i,7751825932887127200,12633775975913285172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8236
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1844 --field-trial-handle=2004,i,7751825932887127200,12633775975913285172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7296
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2316 --field-trial-handle=2004,i,7751825932887127200,12633775975913285172,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8164

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7968
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:1232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1744,i,2662691368090717926,7699705898324370454,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2024 --field-trial-handle=1744,i,2662691368090717926,7699705898324370454,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2200 --field-trial-handle=1744,i,2662691368090717926,7699705898324370454,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7664
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:11192
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1752,i,11511709287876593869,16489823985022776280,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:12540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1888 --field-trial-handle=1752,i,11511709287876593869,16489823985022776280,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:12556
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=1752,i,11511709287876593869,16489823985022776280,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12456
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  PID:12828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1760,i,16166214961817840743,5701368563081990948,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:13176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1760,i,16166214961817840743,5701368563081990948,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:13212
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1760,i,16166214961817840743,5701368563081990948,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:13224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:13088
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:12424
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1780,i,14100541798493845252,12266150984350020528,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1800 --field-trial-handle=1780,i,14100541798493845252,12266150984350020528,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:12816
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2240 --field-trial-handle=1780,i,14100541798493845252,12266150984350020528,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7428
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Modifies registry class
  PID:13108
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1692,i,4150173575921384527,5559416924153853719,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1692,i,4150173575921384527,5559416924153853719,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10956
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2196 --field-trial-handle=1692,i,4150173575921384527,5559416924153853719,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11448
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:6336
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  - Adds Run key to start application
  - Modifies registry class
  PID:9044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=2012,i,14023185535942307013,8171425325170451897,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:10984
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1864 --field-trial-handle=2012,i,14023185535942307013,8171425325170451897,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2252 --field-trial-handle=2012,i,14023185535942307013,8171425325170451897,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:6992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:388
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:10484
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1752,i,5193824722234473756,4838981682417455781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2012 --field-trial-handle=1752,i,5193824722234473756,4838981682417455781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:13176
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2220 --field-trial-handle=1752,i,5193824722234473756,4838981682417455781,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:6844
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:12348
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1752,i,15185132472005842238,4006182321847579783,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7380
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2032 --field-trial-handle=1752,i,15185132472005842238,4006182321847579783,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6848
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2232 --field-trial-handle=1752,i,15185132472005842238,4006182321847579783,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:3592
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:10540
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1808,i,18446631545152510319,13495499760201026179,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:12688
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1896 --field-trial-handle=1808,i,18446631545152510319,13495499760201026179,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:7232
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1808,i,18446631545152510319,13495499760201026179,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:7556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12752
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:3092
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1704,i,15698435231379289429,7280160571383882178,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:13240
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1704,i,15698435231379289429,7280160571383882178,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6300
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2260 --field-trial-handle=1704,i,15698435231379289429,7280160571383882178,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:10480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:13112
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:5772
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1652,i,4398839664435407302,11545649613192747482,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:12576
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1652,i,4398839664435407302,11545649613192747482,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:12936
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2204 --field-trial-handle=1652,i,4398839664435407302,11545649613192747482,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7020
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:2424
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1680,i,12049526733807179079,5514586270852695724,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:12344
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1680,i,12049526733807179079,5514586270852695724,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:5144
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2192 --field-trial-handle=1680,i,12049526733807179079,5514586270852695724,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10348
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:9392
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1784,i,7472794492374229971,2080893645198590382,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8028
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1916 --field-trial-handle=1784,i,7472794492374229971,2080893645198590382,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:10820
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1784,i,7472794492374229971,2080893645198590382,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:7200
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:12812
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1916,i,4271525980761053341,2834978782286649626,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:13252
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1812 --field-trial-handle=1916,i,4271525980761053341,2834978782286649626,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11764
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2128 --field-trial-handle=1916,i,4271525980761053341,2834978782286649626,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:13080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:2812
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:11280
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:11920
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1780,i,14120718297522244598,578619634055379756,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:8620
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1880 --field-trial-handle=1780,i,14120718297522244598,578619634055379756,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:8348
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2228 --field-trial-handle=1780,i,14120718297522244598,578619634055379756,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:2564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:10028
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:10828
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1768,i,13150877323187482139,3883793722042876140,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2020 --field-trial-handle=1768,i,13150877323187482139,3883793722042876140,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11668
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2216 --field-trial-handle=1768,i,13150877323187482139,3883793722042876140,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:13012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:8440
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:12588
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1744,i,1225456611273348510,12551860923208659897,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:9416
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2004 --field-trial-handle=1744,i,1225456611273348510,12551860923208659897,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:11032
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1744,i,1225456611273348510,12551860923208659897,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12520
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:12044
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1744,i,412689447577930054,12834472410026935911,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:13220
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1988 --field-trial-handle=1744,i,412689447577930054,12834472410026935911,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6216
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1744,i,412689447577930054,12834472410026935911,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:8988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12468
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:6560
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1740,i,6878399742476694774,4585242850479932679,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:11580
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2016 --field-trial-handle=1740,i,6878399742476694774,4585242850479932679,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6316
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1740,i,6878399742476694774,4585242850479932679,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:4652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:12368
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:1160
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1744,i,4906022850635648515,2183703501480790067,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:7904
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=2008 --field-trial-handle=1744,i,4906022850635648515,2183703501480790067,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:6196
- - C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
    "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id="electron.app.BlueStacks Services" --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2256 --field-trial-handle=1744,i,4906022850635648515,2183703501480790067,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:12448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
1⤵
PID:11156
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:10708
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden
  2⤵
  PID:11148

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:11152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:12020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5328

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:7836

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3f02855 /state1:0x41c64e6d
1⤵
PID:9488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files\BlueStacks_nxt\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
9c826131e0bdc693d957b75b3386ceea

SHA1
bbe61f3bac55b350ae1721bcc64e6b6262996fed

SHA256
1e48af8808e55906c4b8ee431bc42fa2e0a05002f4aeec1cf56c1251a6e53bb8

SHA512
46e505a63eaa67fd1070ee2cf7dda3163acb482195db1a890edb0453684d0ead57ebd2f246dcc82795d9f403ffa20bc1fe5b97de609de1655ee252d93b31d196

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
d6013884f98c40bb1c8264eafe7c1b6c

SHA1
726df8ea82f3bc05116ca12a19b5405a775e8268

SHA256
7a8b764061494f11d8a9fb2f73bf9a4bf6ca655757a3d1490431b2b9935cab45

SHA512
bd44d7ed2d3ba452870b94bb456cfdf9d22af52efabd1ede4d080521c2f3045be384b502881227833bab6800dcb07e024b4e1ce41763ce1bc2135d97501cbdd0

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

Filesize
26KB

MD5
7e1b54de9e0be4510550ba9161ccc9a8

SHA1
333815232284ca6187c03e73a1a91dc9971c9d09

SHA256
4e65bd74a81152029c17b41d56b232dc651e5464f8fc790d7fa40b9a4251d83f

SHA512
989ff80b2d0922c342df86f54b29214d5b22535ebef4ea517c5975e86e6b335eba49524e721145546eb46cc7bd6d9e66ce73ce04c45e624632ebce1a7701f1c6

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

Filesize
23KB

MD5
48e4803467b72e8402e7a2826a4935dc

SHA1
654ce1b1f0e02d60b1829ad1444c017d386e7ab9

SHA256
6089925a1c92585a8cf0d991e98b55fed776ce2c49ee358fd5093ac366162b53

SHA512
c018925b08c1819677b4a75108c66216df26030600dc8b364f79536a82d857334090a66aec93aef695699b9544e6169853f618a39e6c601619e4275740027d76

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.en-US.txt

Filesize
20KB

MD5
4c6062abb9af3c8f3927937c33144a40

SHA1
5793c078b751389c2a9dbf0fd6d719ba942d1bd7

SHA256
95d89562c43fd4b72994e051e907e89b981afffb555b065548c9db2575acee58

SHA512
884d76e86ac2c99fa2501469aa96fb3bcc757bd3571406d290425b7ce7d10153a64f70cb1479a5a5c6e5798bade515c869e233dd2b12c9aa218a7d38c9e252bd

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

Filesize
22KB

MD5
cbb62581f8b6da777fa04503a5b47f0e

SHA1
c201191397f58698dce4ab702367ba403eb96bf8

SHA256
bb07ba1ac36d379ae58846ac6f997ed9931dc242b79980adfec0a0c67c9150a6

SHA512
70fe9f226c0b65ae3b626d6c4a959292f4a56468812e17e16b9bc8d1adf64f3acec3a477d46d80444b94e784914d77bd9a92df3f56ff0a40def3ced0b4bb374f

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

Filesize
23KB

MD5
578205018f319b70f0cd364e95b4113c

SHA1
49c8c07fb29d3db39f67616880d5dca0395b197b

SHA256
6bdba354469033e7c653605c7f36551ab13b65b8f48d3cb2c2533a916e6a27ba

SHA512
4c44040d49c083c417307916dfd162207fb2f875f2a7204aae280ccdc9b49812facb842f22ff6fa0e99a47cb4e8d3a920b625d2ada809d595443f11078c93b05

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

Filesize
21KB

MD5
ed4e9f8ce4a4cc6b893ea5b3d29112bf

SHA1
4cc7afe3c137c36887116eedd91cf5f992af837f

SHA256
9f51597122eb47ac3db05415b25b5d1b644af61d2256cb4fa74c6de4bcfb4328

SHA512
144cdbefff0ad3445cf5effc0b10ed282f50ef01de9a23ab5f346136901d294e0bdfafd3f03b4ac6640da8a948142be1b4326dee3f147ae0dda2f0c82b32b9ea

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

Filesize
22KB

MD5
9eea7b79e5b5913f8588b755638518c1

SHA1
3d6de14e620d9a8268949adaee2a60c7cfc1993a

SHA256
d1bef547ec317a39fadd60ebc71091074385c56f52af01b3ed5b78ea54eb441b

SHA512
b7699cbefffa459ad2ef259428dcbd4201edc25fcca7a68e63592c48d46f6081559686de02d3632968313738cebe83c126c56e7acc49fd263a7e7c8609d65000

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

Filesize
26KB

MD5
dd68c862a80a1e124113e3385c501a4d

SHA1
4ef41bfa51c516338bef9742b0092d5dc57ff2f7

SHA256
785a872cf144dd33003147f6d256787ffca9917d6a2d0329a216034400bb8918

SHA512
852d5bb04f1c516c7036042a7b58aab0472c91eef01af0b538df3dc76101837d6fac4b3351811f6967f64cbec9ac48cc16932825d8018df0588c74ab7b850a61

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

Filesize
23KB

MD5
56f71aed1b00233eb52f6f6a27f84c2f

SHA1
88e5a3b416e66b7c15e696cd422d13bbb3569138

SHA256
20456d46a1df98bb8cc4a76fd0f61e33f4becdefa3f108155675c78e47838784

SHA512
dcc98ef6626d19f1aac2613d8eb7d8cf6ab3d588f2327cba3065f89402f1261fa6626f88ba2d0eb8bed291b5dd009f36de784db0507c852aeb152b076d20d400

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

Filesize
22KB

MD5
c899631c25661e44c621510536e9e6dd

SHA1
bb44d17173f7ce20670c2d77393749ab6d61f85a

SHA256
3ffcc63b0a2bd622b886a4b35f69790b493805623e0b4051f44887e021e31175

SHA512
2ee5d53810dd1a9a3ce06efeff3e2f3de58b1f6f04ffb1ea621f08c0513f9b10971af078d785463c3dbb86880fc1d75e589080b2f4fbd21545e13eff102489f0

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

Filesize
22KB

MD5
043915a8880076679f1fee6895b54727

SHA1
c6d24d2b32879322086a489dac97a247850af523

SHA256
55f16875207111b165e62638a79f6ec0f2f4b74b66c632a2a2205c6a1ec1ced5

SHA512
d236e3347e69dc6babbb6fb2b83bf21f2ba0077bdb9d5bcb7c51881ed8b8ea2ac9be35b53c98e8dff6cc035011f17e48a846883348cc02b63b5f4c1831ade812

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

Filesize
30KB

MD5
7edb51d8107eacfdc0650e122cd6bdd4

SHA1
54b91a5a17760dcedce6f9c8301c265870ad7255

SHA256
1f4c907d2706ff1bc285505ffa7514cbe145e5d50bc8806ca97c8503217993e7

SHA512
f96ff286e667e54dfed02b32c29e88e57758a5aabf1c94f7a1a27da7e9ce4e9f9629274b6acd26222922bd05639b9a9815b9a9dbcd98de92068e1da023d8cdad

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

Filesize
36KB

MD5
76a09786ec3065bb50144d33ef7bb6f5

SHA1
f08d8d6404da8e61b80b69b99ea20ca4b5b926b1

SHA256
767bcd46a8403fdeea0bb24c6752ddfe8c00a7e983bc4ee395fd6f425085c917

SHA512
7b0f67004c82dc7b2a4c8e5533a0d6bd2fa0837d2ee987b1df6c9ac5a103d4b8aac098bf38ed2d5a329c3981f155f88e880faf9443ca8ae2f4056769ac6eaaf1

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

Filesize
22KB

MD5
d4e8db1f82e0cb9e20627a08f75c6570

SHA1
0bbaa0da7a4970e0d39bf6795757e06bbe9ed508

SHA256
1b32c4eeac3a2fc0f511135be0e0860587b26f2ed8f43300abb0c0d5c8db7428

SHA512
80897cd4b6701a4913191d585949cdb1c0546bcbe51be343f05d3bf368481503da99efbec42820d47e8b320e8d4a64484132ec2bd415b3651d1c6030b3772440

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

Filesize
24KB

MD5
3f9f4f035bfc7e62a2f738816481d70a

SHA1
285e59bdec371faf8c0f40817b061535cdbde6c1

SHA256
939d14d244114fe0f6c4029e0c30dd04ea38a0adb8becca7a0e51f08c184db76

SHA512
71a7b6fff112bca1531ba4f59dc0317d3e8445f61d369c01655ffd1a87a14249ba76964ffba8e4000148e03abccf04661d1a0fb1fc8384d68ca1c1a83cbc7fa7

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

Filesize
19KB

MD5
ca9a3eaa782ddffc8c983aea35296a15

SHA1
dc9b803494087ee40afbffffeacf5612c7b39d24

SHA256
bdcfad30fa5d1d5ecb0e54dd56de7178ef597aa63f249d7ed2170fd610a2758f

SHA512
4a8aac539465894b092515a9bdd6af1880867ee31915d1628d520ea5441f3c89d3bb6dd7dcc8dc593d902b408b2b51c6bbd74cd4ecbaf8fe55dec09b0b6987be

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

Filesize
19KB

MD5
639087799fde8aa16069fb4d20f394df

SHA1
4baff85e7faa2012cb00164c2fd1f29bef5a19c1

SHA256
11c40a7615896d4d9fbc1379821d1e51ac3e7064c1031fb8121f3a8069b9c531

SHA512
6b51d4c6baea44f0d2a8201845815261c2385f4b794d8d88629efe43b5c7b25bdb6b8c4f4472713e381743ace7c5361cd1fbe03d5bd3ad075100bee1f9f5ccd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
21dc3f82aa43dfe05e372bc33d6689f6

SHA1
2a64a92afeab93431f93ee7d1915a0dc5b06d081

SHA256
27067ac82f83fc339cfb2f546aeb1329b31f822e1ad63b7eab75fdd365857791

SHA512
0350751bcff915f97fe14e574fa221f0d902c95964f65ac24cbf1fd58c626469136935ad0afbfab9d64f4adbd8f1c5e008e7e5e41fae68ecb916c13d9cc91708

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
50778008891280061acda558484892c3

SHA1
80b0e1dacc0368c6482dfff11c9d684d7859877a

SHA256
801a750af0c880686f4804b631927caa02332596bd9f28665dfe2a0b977d3981

SHA512
fd293fe3e71ed59155d245652a5024f373273771a3c688860f5d681ea43929988d05eabaeb80a273a30b3fa31abf1d469c02faeb803ff19c0c6a426911b6e47e

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\BlueStacks-Installer_5.22.51.1038.log

Filesize
165KB

MD5
60da22cb9287cbe3125679dbb43fa131

SHA1
0ac3a8462071693dcca7a543d66292c8fda8a067

SHA256
8c23c4d1ff9022d1eaa0bbcd20a3d6e6cda4dadc3c46c87702db736ea279ea30

SHA512
fd16e90ba45ba17293e1aa49df4bf3b3640af2a8c4beafa774024a7dd392d9f30b1797e6adac244c1543db5370241f5585b8b1b611b140ec8a4afcaf4be0ff89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c3673a4c9da7657f9648a6b1c1393afc

SHA1
657dba6bf73ac27fb71a147ef450c8adfe247e5f

SHA256
71e032027fe13620e1d4298778855983aabb9e23d23223650bccb1df4b5b33e0

SHA512
2c7a04f2d498b971e1936423df9eaab44cec4ff64335577ce4acd7207a5aa45985aa88d6e9e6702c254aa541c6f667326cb762486f385c1ced80b68271dd42b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40e5eae85edc06d4918f8f8491fe78a5

SHA1
048bb442f42de9b75f862b97fcf7b9bedb975da6

SHA256
cb1911c99c6214843840bbfa87161e465e67ef1dbfeedee9ecb5d76966873c79

SHA512
af6cbc0f87fa1c057d424b60a425541a9d6fcfdffeb7009e13037e5ec6e0b9b5422c396ceb89e457dfea4e9d837b19ba7cbcdac32c7c0ec085264b03d31c214b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
816B

MD5
be31cca386a177723d3442a5bb2f7d10

SHA1
f511e75482f2bcb64e4990d79d858d4a6c865e10

SHA256
d655f287a47c38c2cc146a22298ffc84535387720be6b8cb7f6c19bc81db5183

SHA512
effa47808d6fdabd99320786cb37990f92eeb5463bcc4b5725e9367f575dd399ce9673d4754287980e093c1cd8b9ea7b9a2456aebaecad3d61487cb6a151e2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
189KB

MD5
1221a812e4c70d38d0283584586c2add

SHA1
482c85a81897f931d12aaa243faac1af4843f273

SHA256
1d52c98af7b40a4d6f209501cdd68263164db4d9dfa6c973983a361aff4e9e1a

SHA512
07a057e116695dc6253b42789220c37bf8e8f93a9b362140fc08bdd9cbfb5ae2432129b8edd32c221eca42ee68b3906cb7b75fc7fca2a1299ae50379396fa9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
192KB

MD5
505a174e740b3c0e7065c45a78b5cf42

SHA1
38911944f14a8b5717245c8e6bd1d48e58c7df12

SHA256
024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

SHA512
7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
a2f9514410c843dff24053975d4a9e14

SHA1
e9721ce4e820d4401a3a1212d147323c155f9ba6

SHA256
0445551fbdf636a89715ba9ddb077546acedd364bfd089abda58c04f772af6c7

SHA512
03ddaa95d54d1b793360868fbc713584f89b78549999e981637f845291d389c0e9827a20b1c6249d481108a03413e422e000a38b5546b6688c0d8eb66123a321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
2ff2b7a5756047d334c1f2c5f5bddd33

SHA1
310b5155b608ccebfeaa8d5f93758e9ba1c9d8df

SHA256
d65cc4ac77ab1dc1cfa267e0fb97a5703f9cbaff096f7bf5d201652110fc5568

SHA512
732f686214672441bbc76eb2d9fc112b2f499481d6ba0006e6b872eae851890f28c24eda4f82fc156b6f768d4e3e8ea53dab946019106608b50b3e66eba28d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05974223eecd34b8a527a4c43ad9dad3

SHA1
c9c44014e705bce2a27fde196f650351d6e1f498

SHA256
5318c87516a2231d61be8d7eab0265dc867bf0d50e28706c0697b27367cc3d77

SHA512
acdfb5bc178729f4c2b73e2d87b1a38b8f9cc4ddfc03cc3b8c9fb201fe3f22087ea8b2ca265a80f20751b6dc1a06588bb994a505ab2ba346575b6962e6b11720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
515B

MD5
363a01f6ce609f0ccaf2550d4f8a2ae0

SHA1
97ad2ad2be3114ff8d19d6f38d9922eb2778df1c

SHA256
ee9a139a59e735f815dce88407a2485a532848cc6c8dd2a6ff3a647bc4f1fd9b

SHA512
4119ae7730cecce75aa915c28b091f9514ced1487fecbee4073a32b8a883a5016c981b30afce9b160df906c99fa1648140983b3bb04a33eb9e450038bceb6a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e564e0219c8a4c2dcfd3d1f2b2862457

SHA1
03b84e96aa248bcad71d0677b87e17cb4380fcbd

SHA256
ad77630cefccae4fd0c20c8f1c2185d8af0840f55dbd868749150c34bd4e332b

SHA512
0102cd2e096674583beea97529068ee0c62b3b94100107d459c63883173af8f2a8dcbcc0bc44e2ffcab003793618e16ad291cfc83a65ea5841767fe71a1a234a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9da5992943f6a3cd54ea343dbe00640d

SHA1
c6b59f76193ef40dbfd6f2b2296e497ff56e9bdc

SHA256
020fd881aafd766afa1030542bd4c3cb463e94b1c96e97d177ac5bda0f5999ea

SHA512
518e1739b02a036d2aef2b817dcfe719607b41390d0b6ff0239ffa3b2678f5ce1c3981733c2a30475488b9e80d128f57b78d0355529706f7b9d59f737be8d63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
280f4b95c565168ea5876973dc11ea1a

SHA1
dcba7ffa2655989781750cc85e69bf53b9b90dd5

SHA256
a640aff510d2da01b09ac6fc1ae70b58d58d52c0f3df8d5481b683c8a60a7016

SHA512
04efe25ced067dcfb19fc1444b8f7271c57af90d5498687411e0b45aba0015893e481bb2113c493d4a14c8b73fae70d86c9a56a5cabf7973ae23885e1a4e9394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ea4f836cfa2600d84081dcb5d6d987d

SHA1
2b2bee400487089873ebe5168fece2ce3f99b09b

SHA256
3c2773f9f9a6b11242be7713a1489b6ead3088f1631f649c0e989afc5e77cb07

SHA512
ad9ff102ddaf71bf7b65a2b015fbb32fa9129348d3dd66f63ab12572d20ba5a29123dfe65a5d8bd3e616fa31cafaee917fe0675178f03e228694ea0181e52989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1dd3abb3f849d693eee3ecc9a34f2ebe

SHA1
1d20c794128013a218daddabca6f4c9cfeaf034b

SHA256
34d4d13651590b0141d4ea492f07658c8c07ae9c722a3b2d28559b7f9de6da61

SHA512
03cec26328e77565800a2629fb84e86d82fe0639b11f161807b449ae58130349c33c437376524420837b1f9c0c7bd007520310fc6ea26f90c896362431a95c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d4598a4518ad67d03db1496364e02b0

SHA1
a47741193761bbcd0913e7bc7b46132e5b7dad35

SHA256
577e603af71f8b501d2d0fa34ca5808131af89b8a724acb5c74994ab4784f62d

SHA512
ff6e737e684806380ad637bdc745d1b150fe1d18b5f78ed8130814741ff02fc5c0c71fad3ede6439a0c39e2dc6811af2b23c00f44a2ce92192ca35663e0bb6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37f86999e49efb9f23671b7a03c32589

SHA1
0ee784ed289cc2735c733f311d047b3d0f9beaff

SHA256
a5e0b8ff0d403521e8b7bdf4199dc526539e5ba696126908489479fe0c015fe9

SHA512
dde220da320df526cbc9556f4292abdde7ab7f7feae271a62c58e71eebeaf4c2d67439c7917a9e37b2b66d0031d35ba6dd83ea5fcf3ee3bcff7015929e31265a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4151b828efb53312d0e231779aecffc1

SHA1
0544bf690fbbbd19a971d9fc2b3b4d2bcab9b441

SHA256
5fca0de95f3beee5624e4c076e2c5701a51edee0b687478436e8f158f271e650

SHA512
21b13e3320d51931926d3bd6d9083b3c997ae7867141141e089b4013a0a4dac6ac17ed869bfe0383527698fb3b86e5baf0f49d21ee59acccc65d0226ce39a7f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
029b4f7e70205e01e1551e4c625cdf0e

SHA1
ebbe6d4c53d2ef1b0cf3180c9263b34e6d09d893

SHA256
1aa288d6c505c6d27887a361851d816a998a51f2588dadef5a03da6b2068a9c7

SHA512
c1d1810818b20ed88a97617ee73730d37ae6cd3dd359dcac6923e9c0c7ef1d9f46314d2789de22fdec96991735fa27193e27bfdb57ca3879ba994bb894d61b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
dbe8d8f2ea03c79a8122b881666bf080

SHA1
9224bab323a9f072b32e7aa8b21e0810944ebc43

SHA256
db7718bca300b0d72a4803df2b74b6d096740e86013b35599d0c2b986eef7806

SHA512
e9f17c2e3f91244ad36feb9460819184c371e2dd43c542cbf208e72c690788517723ae9f9b6e9a1644088626c553178721789fe44024fcf04b0188854d1c8262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8805dd01cc1f450b3ef12a47f4a7d6ff

SHA1
ba1579f650d3dc4e4b0a1b00be7a25a2e932dcf7

SHA256
a47ca91e935c7cff49a08ec6470c520b8aeb54b6edca16ea99a2ce521e753261

SHA512
58ccf9427d1ce32deafa7d64fd08fac521b86362df522fb7e68c987bf28889e6fb1b24c24f164aa93491dc28721bfa02d22608dccd91b8b226bc1f6ad1a15e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8bdb10227dd38760b39bee3e49949c6e

SHA1
93384eb422df7a572e03b47d143e26ca3163af39

SHA256
e34148216769a3e4383a114820fed8ebadabb65113572bebe4c47cf28f003246

SHA512
0182192cce6320b64f0605b190a1a697951521c9d716a77a62a728d2adba62aa39cf80bf38125e2e205f71aa68b237be99e4acc90645f3b2f89c4d82d78c73af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e8967aed341c5d843e24e4c513992ab6

SHA1
de66c2f52d04ee4eb48ecaf4e750c2bfb021ef4c

SHA256
6db14e1b42076172aef597f328ea691c7f6f57831f1996eef70c94518cb99bbf

SHA512
d2cc932789e787002401d21803b343d80520ce19cec4627adfec9360880f88e7f98e9a488e965fc9005644ecd60a39376d09222df94405ba10ed97829f30c303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582dd1.TMP

Filesize
48B

MD5
14e38487efe413d6442b5d209f0422ed

SHA1
fe1ac0b162aa1d9fea0f1ad7f84d5851624b7474

SHA256
bb35d9f2bdd0c8c3315be9f6e8f80dbcb968a2206a136eb24357920246b4332b

SHA512
d3e0dac96e018d2cc69bad94056b215cab1aefeb0cab66df767a59a6b26a2befbc29d7f269560a187fa9afbc391f9c8afc7d3c34f5ab9219046f9772d3b5c031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
83f6f9ead81a4b093b863898965aa0fd

SHA1
b6273244d1261d626c09496395e70e499bcb0ea9

SHA256
5163a83c0e5df407498a2f8ad473171646c045a18ce99ea4a5c8b971cb1daed8

SHA512
c57af1cb83332e0caabfbf782c071603af2f195b8271c7523c2e144768513261817eb4b4dbcebbed9027cb669d601c176159c7744404dbe95cc30fd8dc9ebb42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
bca4b46e4eda680f0c2693f8726f2868

SHA1
6aed8467010132313731f787ebba118e95e43156

SHA256
d1e2e0eb02fef9b9265e3cefa4c9ac8fd8f0ff9f3c1b1fca22a9deb8adb57b3d

SHA512
29d99cfa5817f1c957c0315ccce7e4849794448b2c988075752ab463bd8e660ef923c1e818192749e84a81e72f6e35da663c5cc100cdde2f5047aef63f0abeec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
a66d7985e744e5d3f83b0a4466b558e9

SHA1
10d4bb63472ed15e7dfb3a5df625305e12cc4486

SHA256
2585d340926c62c1fe39728e0dac71dcbb02f9216958ea8a951717b7a58b7579

SHA512
b5e7101ffe25806a000de8f091982d6cb4a0dc75ed6545cb07327f29223d2e500983ef0b5916d117261dcd3bfb0df8f6c894541ba18e902d3584d3c6852ebf8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
92ef5163ca800eb85a286e68abd2fdbf

SHA1
f69ac6d96cba7a6d6de2e0d1a335525d59be40f5

SHA256
f6da0dc45e1603db8b63bc5cacdf0db1b15093e3f78fa5115f501d480a306d2c

SHA512
9e91375ce7659f5a2823e02cbdf6697329b5435d6f6c858e0053103d377d5e3870565bdc72cdc0485eb0f1e4598c9999e647300ad432a52aed0e90df84372cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
07dc3498f7a4709999ed54271f23b3e8

SHA1
7d43f19e801970bf32dd2a3fb4803140c605bbad

SHA256
81c393ff0b8985d9298cea46c3cecd1fa8fca386f4307726f12791ed4ad67d11

SHA512
56be51a807cdce8f65cde087c664fc4e234a26688906a8c65a6734426b276e214925dac884c0fe84baf0f181f6f90f712c1c324fec05355225249e9be57eda25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
111KB

MD5
77159809946c058d0f629437a70922d8

SHA1
fd9bab184eb8654d5e4d54b7339b9e8cefdf6ebb

SHA256
9663837bf0838b6ee6c8e8c341c69db23d99ca3cc420c4373c7b969a7a113a11

SHA512
aa5ac6a3ca873d4d680354dc46598ef78de86ba8c775f5c0520e19124bf6e424596a12e9d1877e08acb3e02fead4e7c54748242c1856e504ac78f776b1093f16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
17d134f5ef73e6b93aa80532f56e13c6

SHA1
90738c7f7ae983d9ab7249faab0e417af696678a

SHA256
93e191a13590e5d16f72aaf817de9eb980158dfd0b4753164d7b0aa781efc5d1

SHA512
5b0396fb7e4707305cb915eb0187746e910087e7be7205d805424d124f73e15321a62203edfa417f6eb9bbad2d52a58bb0f86a11b9750069e1e815fd9f32085d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
187KB

MD5
ac7f74cf82f2450a8294a42d2c9a8330

SHA1
c68dd6073543013ad3bb9b57c7775076d20b3670

SHA256
fe3aa4386c768997fb9e37216f618572de1417eb272128589ae2a5a756fb30bd

SHA512
c90395e9977b13220d6d6e70ff3025b09b54bf83cb97b0c5bb80db55ad69daadffba7b674a3dc6881c1d7d2fc1eea3a2f14ce4c2ab1d0e8cf279f2db37e79938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\2fb66542-f836-47b0-a6df-e972b97aed5a.tmp

Filesize
7KB

MD5
da112d9064701cef260655138496d93b

SHA1
772db3afcfb06ac6661abed47613d6a262be3982

SHA256
ac3e65d9452369021ffa35ee478b0fe939ef726fe53ede23e4ef3ce46a232ee0

SHA512
9699d1dd5fba5c4bb356527f6ab04a6dc797c2c31b2692d1a7eb579e6248123add5930cde9c0780580107caaf0748400c43a7f5dd6dd801bcc0f23f313decedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\417c1805-22a9-45a9-80f8-3a43c954155c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
632562d71e63af14c9997b5e502fb3c0

SHA1
5814452b3b6b6083e54f43390334a8680e0d854e

SHA256
024f1e09f5e891a40c272376571f62897d30d4fb8fd5f4093fa9825107b71d6d

SHA512
043dcf6e3bebaa0f7e24714ff3d09077fb4336777cae0001e7dcbe4a6d72cd5d87fc257bc0cfb42b4073ce21af05de05e3d3a6c478f1ddc1481e46456187237d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js\index-dir\the-real-index~RFe5938e8.TMP

Filesize
48B

MD5
42989a043bd214b94821519b5f11dae1

SHA1
59ed6b1b2a1c14b0d8e46278002c7c1a3a8e1c20

SHA256
fa56b19a9ba108124c24696478763b9a7281705b25d35ed2a5498a20dca64225

SHA512
69ed9794d49123a17d377c5a5fdeb2b0352f762749524f6e2908e1009a297ebc0d46ebde6ff06ffdd5aa616f79b280ed25c2e231d49f6f78969278c19d56e321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
464bbf1f8bc004910811d3595302dafb

SHA1
092d5d0ab90e39e7426e2cdb11ddb142268e5389

SHA256
fd892466b234706ba329fcf5e26b1c2a052478f84d320b55c3f4ac79dea9c8b4

SHA512
813c900f1067de596d6c14a5429e88a3073989f72fc29188e8581b72f21c35c11c661358d51dea82dc40efae820573f464988007f51cf07bf470c778a63dc28b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
66ca3b4324ce2f09906c7a1d16a1c10f

SHA1
38597793e98446b853f4680f0e3f51798d93b390

SHA256
fbe9c4ba4b6178a2daf160a237c1e89ab73ee89ebd4faab490c8b4802b4976b1

SHA512
66fbf9e23ca0441a2018297b9e8f9ae3545e0f4c5165e0a4805948b23ed4a695e033a501b323d54300608763936bc66220405ec703ad5cb955a787f8b92bda12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\manifest.json

Filesize
2KB

MD5
1048f1f4d861f5c812e5bc268eb68a06

SHA1
4c9495a3202f63fd0878086f27310db6d3bf5be9

SHA256
8b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5

SHA512
158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\service_worker_bin_prod.js

Filesize
130KB

MD5
d47e43b89edce51bc01fa656962401fe

SHA1
8cdc456964cfbcc7ca62e58d6258c8535b48d980

SHA256
7e2aa9557db237ee59473f8079197e4de851f8faddf3575bc345cbde6aa49dfc

SHA512
548b6d023154d4404567e331ffdd7a740d6144924fd489e2d7fda4a18db94c67bbc493b72058e92878b8d2d1a8cbe58bf4ae7c5f73d7b3bbe6909c8e78bb828f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_1

Filesize
264KB

MD5
656ff361862c30b41a81642e761ccacd

SHA1
8df6a420ddaad89c369252b1085feab9798d5ba5

SHA256
63063e917ba75406e6c000ba86dbc5c62c5b49299f0e0f94cdeb7fcae483bfb4

SHA512
fa384d107b3fc7948b2d32ca8ccf957e0aa466fc81b58db7f2223821f8989f3c3763783445f84fa063029381b6c92ab2459ee9be2981960b9e64307e33144d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\History

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Login Data

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State

Filesize
885B

MD5
70fac7fe8c8309d73fe270db5fa98531

SHA1
2afb233809eaf131db4754edc181128522bd3aa1

SHA256
da2007edda21507423bc5d38352235bb9a1a47c209880b5d4e147736d957c197

SHA512
ae7625e4e184652181d43732db53bd808b342df78ba79af6331e326ce4f183824e9daf49e4302d82fec5822b6e192d0f671c2d7eaa015dc507bd396c3c2a7444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Network\Network Persistent State~RFe5a0447.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4d0f8d82c0e68e05add4c96d33868ea8

SHA1
78c5e8c1dc33f9acf4cdb21cdd9d1cec7d129b2b

SHA256
974c6e514faea727e22778f4fadf3e873ddf1c030808a957cb93dd4a4e2e9f15

SHA512
8fb39df950ad0c1373983289b87e77b0ff2a685e8518d0542f2fb5124c1c3bbf64bd9cab4dcc71af0be8f5db5d69e4eb6efc04fe8932969427ed94f5dcc9e65e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\index-dir\the-real-index~RFe594481.TMP

Filesize
72B

MD5
6fae9aa54a9439178711f97d3313b0bf

SHA1
45bc43b82e7e045cd1634fd4496fb90eb33c19f7

SHA256
8c62df48ad572ea19fc6bd452577a8a937e81b26fb79671c4b2c827514beca19

SHA512
5a83da86d6f25a9eb16d61808e98c0d7445ab2485d3a73e16d22d31c6616256bc023023130c1ddbc4f8cdf000129bbee97c544ada0209f4cdf6079de08058396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png

Filesize
1KB

MD5
2e53a0da3d561ad9fd7d70f2797242d3

SHA1
74c07d8e040d385168885859ebb084dbcfc278f3

SHA256
f18dcb72e3b35b082a4ff8e36897a0e571eea9ce3faa4df01c25db03e242cadb

SHA512
2128a52cd3e8ee8d6485742324409e716cffec6f0a404178d6ebd532948ee6a9b973515a5d68d4f787b914f18427b99d50fd86b391f6e1d9a757bd8eb4bfb0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\48.png

Filesize
1KB

MD5
d6b943b4b8bbeb32f00a8874ef1e706f

SHA1
5f1666f9f8546e8e044b01f98753016d31467203

SHA256
1957de0f0d150691cf50136cc8af5557c69594578292632284981dc90bcf20c3

SHA512
2dd204e93ab1d6847d3ef182ee35dc9dcc78c5e807d5881aa562f407c7a78a08bdebd0007bc836970691740398dd567e13bfcd256ec07b97a13a26f046675b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\64.png

Filesize
1KB

MD5
5de2b8db0c9986b3eee601b1009ef623

SHA1
9a267178a3ecb89904d1f6a973a659f9ff8dee61

SHA256
26ef3a9f36aac1eca1805249a02f749d420c7d1513847adb25a2e4ec887bd17e

SHA512
1e3e4cc7f663dd47a7ccbf4721f7a0f28eed3df8b5193492279217e30a8b1330131625a1e2030e923a3914593097b700fd2073be66dfda315f38e785fc97f264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\32.png

Filesize
1KB

MD5
a3a00ef924278ba60be0fffeec04995e

SHA1
69ab25402bb5ef6d99538ec8044c6edb128be0d3

SHA256
a5670fe56dbae316511d6f8c7349477c69c53dc59fe5615984eed5c8cf55a717

SHA512
fd53f2c0e8f493817f5ff5c2f9b87ffb82a11bc2b56a9798072efdf22677d2760bc489a2c8d76fdee6f65a0f4509d4bc257851811b4f720120780e796c6bc4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\48.png

Filesize
1KB

MD5
5bfbb6b6a7e313f5d67a1219f7866c4a

SHA1
c49ec46ca5fb945b582c99b47a2b7c09da8f766e

SHA256
6dc4e5c4c1722173cb9d40e7edd2947c12677b12fd2fdd6e2544bda6bb456ab1

SHA512
55928faf39965083855cf6e1a8bc477560b41f3d8d8f678de7271960c6b59b7f2a256ae4e03428f86c1fc0e431370512e9c69a5631cad9e103e8978faa10ac13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\64.png

Filesize
1KB

MD5
0aa5ac35c79f5cb38dd5fafbabf2983c

SHA1
36658f24dbb49f5ff2a19897b22071f72e523f12

SHA256
3695587d1d40ba3171aa991cb77e6c9080b550db7c3d3b52097c1723ab060f32

SHA512
fcbc8a65c4b852c848a13fa12131fa7b17b1310ad3278e78545e8334ddf199b627110bde2fc0a5e7312fad3a5f12b0db54c665d00f1feb1cf3b7c4b18e7569e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data

Filesize
130KB

MD5
44e343cc85d89225081ea46d8f811ae8

SHA1
97ddad35555a48b75a6091d325bfab5bed269d5c

SHA256
400216eccaddca0e4d2b6a13c3eff74b3a9a50f4b27fd6819c7cf751d066c3c8

SHA512
fd2c4977d5934febe0c36b905c358f4793162e55a7c4c29cbf4018a47a6c8e25a47845928c91d2712f6aa47eefb7dd1169ae28daa252b678752e5d08400074f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
108KB

MD5
0814097043f91831fc55144b924a8b1b

SHA1
66b25faf32047f33adfecef2239f5d516b892089

SHA256
aab1375563ae309abb0079d12f2f8933679712e9fe8dc17f1f5b55837a7c896b

SHA512
18cf0f3a7c290b9d191828cc363f65a684665be72968a95a31bc4f3c2c9e0e014299441c1436fd001c9ffb3a3f15cd21e7c205c120546991f7a0cc652a50159f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e5f3655796637b7d0f4a8ed402e119ea

SHA1
3baaf516676664d46727759914745776a166016a

SHA256
22d91a4321390a9445110f04d5600f49f03604a2d7ecadd10c663248295c88dd

SHA512
2125899d678c926c9f85ad81892f8ee91aa0a74e4c533bcb6e48675ebf0eccbe0db17998f3e3ab961cf3beb8fef7f950588398c5868327aa2d33f81bde797ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
02269b0260c60ea857eaac649f9f39a2

SHA1
6ec8229570831f2e9dcbf951f100eb851e16050c

SHA256
4c72230d3ca84e310d759377a3b7972479d2663dc825774ab582dc67c9dc39ac

SHA512
762f16ad7f0690ff31fe771654d698d7b39e8b360f908317d655c87776d705771f0f5931353791f6cb9aa5c8faddcfc7023ad0bcd26ab4812c0d4861e9e1cf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe614cc7.TMP

Filesize
3KB

MD5
84620dfce5ee89c0057731ab28e2b445

SHA1
c466f7bcbfa3ade02869c1eba3d2cc233cce9e25

SHA256
32d1bb18dd8d1ec760d439c19a6e6ad436ba6d6a185df5132e298b8f4b316452

SHA512
69eb0713a3b4bb451b6bc4ac015038b8e09149636a737b6391c90722088b2be1cdfb7fdb011cdcd9201d3b2f04db682954b727b65e63da8ea7e26d53b6ef2cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e676641ddbec146668cada7a3f80d738

SHA1
2d196b150388327c81eb9763be1d9f1e7ac51d60

SHA256
a808d4629ec3c92e730331e54f59e9290c5ad365cd20df146216c8ec552f8134

SHA512
d417a59e75ec48485fb0b6b33c45bfa37440336708e97527a3af9f829c0897c75228520dfafcdba8be312e291af05e01c8c802fa511e88d4b3a0a74d276e9f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
8655a49339c298dffad371941a950694

SHA1
9d99f524f4f2dfd7cba85cec0aaa8e6796f21ccc

SHA256
02b8a394efbcbb3e12bf5849d25e66b31f98cc23421457a508c6707185bde409

SHA512
db33bb13e612d01227acec7607de3d2a044894675108c6deaf9891da176e6702c38fa16a420aaa28fad7f075f2c6c99925b80ecfa76c3f0522dfcb7321822882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9824e33c0dfe5f5a1d8f2846baf8cdc8

SHA1
18d977c70d50ea12af02de64319cb1d7f806d3e7

SHA256
0ef705c1bba50a661695bfd03f651c6ece912b4f8527b610c2501006cdee4a9d

SHA512
00f32a2dab5be7ef69660be706ff77dc3cf7ca6b6882e4287205c644b9e1add17bb01e8d59b4eeb80cd3d0cbf92a3cb6bbc07835c8817e5ef5be90c171044379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
9532caafa759a894d1b79c641bd44f47

SHA1
f3acba2347c145e77b7ecba9e1cf26ea1ad9a6cc

SHA256
88e9cc74cbc77f7a324905883ca7a3a11604c1f36e2844455a70df6d2a660f2d

SHA512
3aa221733034d4544150ff4f677a6000d95b7a6dd4738aa1fe7ad6da213e9b53a15505e524b60507aa466e10ef699bd2bd0f69d45ba7627e92fa6541e7ae6ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
ca1b2434f78b6b2256b4217862428ce8

SHA1
29453c64bdb8dae206de43210cdf56ba3d3327b0

SHA256
ea74bbd3aaf7d29989e6a9f28e269e4bfdec14b0775117ced756961fa9e59b03

SHA512
3f06a9389089b12f6e9e2628cb95d07e2d6f7ef209fa0fd734b126560e560c6010b890d938b8390ae8752187e2d78c161c51512f95d770ad6851937d11ffb3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
d5f2c4f72141f25faff27fa187ae772d

SHA1
9de1ddc0cbfbbee65fe284db26d8da7081b93641

SHA256
5d42572605c5bf10aa473ad0f1887300f4c8f2f854950eb0f8bb35aff0b16115

SHA512
75ccf1aa89ecc1a635625612ccad14a12d051cf7fc04c8e0caad48f23e0be100444c08f563e2b2f73b680aaab7d891a2859ae4eb7267ec82f78a0a67a3ac4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
ee1be004bed0d1170dc0f24e14057793

SHA1
1af4893b73d67ce92a2987b68971b7d2e6acd072

SHA256
c4946cbf8385bdc5e147d96899df414a8979ab32bacb98065b7226e389355f9d

SHA512
e4f173b1d87ee0471b6f400f037ba32cad58073947912adb66f3154615001ff423f7895c41c9fbd1bf13cfc0b60a8d2d8bef5bf37981ad96c47b3dc84e96be43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
9afcd13230ac51d6218fa68c001a9f93

SHA1
c9b5d4b4066c5b2ed240c6366e790e7f84befdd8

SHA256
ec08a566276dcf512eac8ad5266b96c42ee1ff7ad954914851ad803f7b326b2e

SHA512
a3241c1872990cd101ec8bde85d34ec3134c656459c3f516eab501475389088efe5503d4022fae1c68ec9b4d5fec2892c3296776577bf87b34f6a7ec565fbe9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F704CC47-5FE3-4266-AD4C-F0EF342BE049

Filesize
178KB

MD5
17dcaa6589f58ac4f4ca17aa494ee39d

SHA1
827e7ceb4f1cf2a2692a14e858b9b4c985459659

SHA256
c0a51ccb1f6262571b412d91226694446682c5a69eacb06c9db21385c73bee4b

SHA512
27bb8457a7ba747df9b3c443f40d79817fe57052e555e310d63119946e3bf9b837ecfd9b6560865cd85ac4cb3e41b4db93f991a40b03ee344768356ea4bda722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6xthhun8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
63fd98beb30606cb749beb86e1d4caf1

SHA1
dfbfd8a1d14b755b252be65ddf2257938571d699

SHA256
48dd3cbd5289f07d9d9a1285aed3914b81098658ee79530346475978454807cc

SHA512
c209404784ee9df200525bd0fcd2293fbe556c17deaa40d9b641742e215723e60ad29f7703075f25e6ef27016d0412ea80b2e0d55d1e89eb236f2998686b8f12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6xthhun8.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
54b43e30f3f73ad73311905c254e3c30

SHA1
c0ee742967805afcede09dd959cd0ead9ddffcfe

SHA256
96a853ea7786e91772f2c7d6636883db5ad15a9ddd121aae27e39315759357d7

SHA512
99c23425fc2daf8c4f4eda58da0783efe5263271ecceafb9d26d1129f84d04f2b3696238ed388a3c0c365f6a03aa3bc4078128de802f71eed24b701130511263

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c1abe582-38e2-4dbf-b6c8-40b6a925ab5e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4510369F\Assets\discord_icon_click.png

Filesize
512B

MD5
c11cc6a9edff1694a71584413dd47dfd

SHA1
3b84fbfab8b53db95e8fb1b409193624fc8359dd

SHA256
6b126c8a7015c2274e6a2ac969e0f31ecae421e1652b446b2aafd2b03d0dc3f5

SHA512
bdf3ff3a1b8022521cba870334b11bd9c877b84bf134fc4710f0c9e8fe3703a2604915a24ae6738a3099b7e80f0f5a8d9b161c74fc36ee217e05581d88d728ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4510369F\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4510369F\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4510369F\Bootstrapper.exe

Filesize
153KB

MD5
a46a16c053f3a9b551b56e15278fd101

SHA1
06e963bf6678977e06237fc661fac930050739f1

SHA256
6af777a9fca3366c4950edee987ca90eb1a54fe96093f1607581bdf0a4245cac

SHA512
d7685132c2e5eb3f23f5c945d6e652259833a8694aaf9b6b3af601b4043ff5317000e0f508d5809f3819a9953f59b864f6eb0e659c1ec32f9db8a7bb2aa1fa23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4510369F\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8B4C41ED\BlueStacksInstaller.exe

Filesize
640KB

MD5
d4bf8a709b1b1033a8db56258facc1b9

SHA1
33c012900e82cf7d8cb449da7f4be45aa190055a

SHA256
98a346591f99ee730879cbade7adf8ca703840ebb76364176cceadf6a8e8844b

SHA512
7042c7facf6e176f00a27585458cc819a544f1b3709ccb28f9b46c10f3ec974ace8aa5a25868c677532e37101ecba19c65beb3f29b8d8a382becf18679adeb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Assets\installer_bg_1.jpg

Filesize
30KB

MD5
efb63876389c300433587a29ce85f258

SHA1
8eb00659e003a934c8538b6e5a2be65ea097e5c9

SHA256
873030e34515538dac3efb98edec519596439fa05b7aad37f6137ca954ba41a6

SHA512
3c4a935f949e70199333889ba54870930858e54bf2ee0ac2a27f814710264ae30c474c4cd9e59835cc9bdc9da8c7eb25b963f02ee34767b3738f43988084059d

Download Submit
C:\Users\Admin\AppData\Local\Temp\c2063c98-f77b-4e4d-a214-98082de4ccbb.tmp.node

Filesize
2.2MB

MD5
d4d4556d90276bc091ec53366a7b893d

SHA1
81be395f58241ac117fdf6b2a87d2a5f9e2fca3f

SHA256
dadb2fc7fa9f6a8691661a90d5b1ab80f4091c1b8a5becf1959a977e8aca025a

SHA512
14d439520c958e00505b74c8a584ef56b0384d73346b7a67710e4f55e06ac5c06dcfd3d0f3cb9fbb978ed0b8dc42af4a9916fe8f6d619bf06cffc839b071c0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh2E8C.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh2E8C.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh2E8C.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh2E8C.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh2E8C.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh2E8C.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5EA.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5EA.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp5EA.tmp\nsDui.dll

Filesize
3.0MB

MD5
827b3ebec9e5ccd66bfdd6118fd362f7

SHA1
93b50874dc873077902b989d6f42ff27b2ab6114

SHA256
730715172ca96136d4ef37005f5087b879369da0d216a4d853b40f3b144b64c7

SHA512
cc800618f634cd805d0f54d8a70e2887605724443bcf09f323f057cde79323f9c701bad9cbab45c30fcaa8de21d05b7d35d0513f0d2e7ad9d0da16f55b24af6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\128.png

Filesize
4KB

MD5
35696aba596d5b8619a558dd05b4ad40

SHA1
7ecc1dad332847b08c889cb35dda9d4bae85dea8

SHA256
75da533888189d13fc340d40637b9fc07a3f732e3fcf33ec300f4c7268790a62

SHA512
c32f20865f736b772844aaa44572369e7ae85b9f2f17f87d61694acc54487309a32bc4830ed8d9cee8b593babecf728c1ea33c2b9588649be0e4f1e6ed7ee753

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\af\messages.json

Filesize
908B

MD5
12403ebcce3ae8287a9e823c0256d205

SHA1
c82d43c501fae24bfe05db8b8f95ed1c9ac54037

SHA256
b40bde5b612cfff936370b32fb0c58cc205fc89937729504c6c0b527b60e2cba

SHA512
153401ecdb13086d2f65f9b9f20acb3cefe5e2aeff1c31ba021be35bf08ab0634812c33d1d34da270e5693a8048fc5e2085e30974f6a703f75ea1622a0ca0ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\am\messages.json

Filesize
1KB

MD5
9721ebce89ec51eb2baeb4159e2e4d8c

SHA1
58979859b28513608626b563138097dc19236f1f

SHA256
3d0361a85adfcd35d0de74135723a75b646965e775188f7dcdd35e3e42db788e

SHA512
fa3689e8663565d3c1c923c81a620b006ea69c99fb1eb15d07f8f45192ed9175a6a92315fa424159c1163382a3707b25b5fc23e590300c62cbe2dace79d84871

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ar\messages.json

Filesize
1KB

MD5
3ec93ea8f8422fda079f8e5b3f386a73

SHA1
24640131ccfb21d9bc3373c0661da02d50350c15

SHA256
abd0919121956ab535e6a235de67764f46cfc944071fcf2302148f5fb0e8c65a

SHA512
f40e879f85bc9b8120a9b7357ed44c22c075bf065f45bea42bd5316af929cbd035d5d6c35734e454aef5b79d378e51a77a71fa23f9ebd0b3754159718fceb95c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\az\messages.json

Filesize
977B

MD5
9a798fd298008074e59ecc253e2f2933

SHA1
1e93da985e880f3d3350fc94f5ccc498efc8c813

SHA256
628145f4281fa825d75f1e332998904466abd050e8b0dc8bb9b6a20488d78a66

SHA512
9094480379f5ab711b3c32c55fd162290cb0031644ea09a145e2ef315da12f2e55369d824af218c3a7c37dd9a276aeec127d8b3627d3ab45a14b0191ed2bbe70

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\bg\messages.json

Filesize
1KB

MD5
2e6423f38e148ac5a5a041b1d5989cc0

SHA1
88966ffe39510c06cd9f710dfac8545672ffdceb

SHA256
ac4a8b5b7c0b0dd1c07910f30dcfbdf1bcb701cfcfd182b6153fd3911d566c0e

SHA512
891fcdc6f07337970518322c69c6026896dd3588f41f1e6c8a1d91204412cae01808f87f9f2dea1754458d70f51c3cef5f12a9e3fc011165a42b0844c75ec683

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\bn\messages.json

Filesize
1KB

MD5
651375c6af22e2bcd228347a45e3c2c9

SHA1
109ac3a912326171d77869854d7300385f6e628c

SHA256
1dbf38e425c5c7fc39e8077a837df0443692463ba1fbe94e288ab5a93242c46e

SHA512
958aa7cf645fab991f2eca0937ba734861b373fb1c8bcc001599be57c65e0917f7833a971d93a7a6423c5f54a4839d3a4d5f100c26efa0d2a068516953989f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ca\messages.json

Filesize
930B

MD5
d177261ffe5f8ab4b3796d26835f8331

SHA1
4be708e2ffe0f018ac183003b74353ad646c1657

SHA256
d6e65238187a430ff29d4c10cf1c46b3f0fa4b91a5900a17c5dfd16e67ffc9bd

SHA512
e7d730304aed78c0f4a78dadbf835a22b3d8114fb41d67b2b26f4fe938b572763d3e127b7c1c81ebe7d538da976a7a1e7adc40f918f88afadea2201ae8ab47d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\cs\messages.json

Filesize
913B

MD5
ccb00c63e4814f7c46b06e4a142f2de9

SHA1
860936b2a500ce09498b07a457e0cca6b69c5c23

SHA256
21ae66ce537095408d21670585ad12599b0f575ff2cb3ee34e3a48f8cc71cfab

SHA512
35839dac6c985a6ca11c1bff5b8b5e59db501fcb91298e2c41cb0816b6101bf322445b249eaea0cef38f76d73a4e198f2b6e25eea8d8a94ea6007d386d4f1055

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\da\messages.json

Filesize
883B

MD5
b922f7fd0e8ccac31b411fc26542c5ba

SHA1
2d25e153983e311e44a3a348b7d97af9aad21a30

SHA256
48847d57c75af51a44cbf8f7ef1a4496c2007e58ed56d340724fda1604ff9195

SHA512
ad0954deeb17af04858dd5ec3d3b3da12dff7a666af4061deb6fd492992d95db3baf751ab6a59bec7ab22117103a93496e07632c2fc724623bb3acf2ca6093f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\de\messages.json

Filesize
1KB

MD5
d116453277cc860d196887cec6432ffe

SHA1
0ae00288fde696795cc62fd36eabc507ab6f4ea4

SHA256
36ac525fa6e28f18572d71d75293970e0e1ead68f358c20da4fdc643eea2c1c5

SHA512
c788c3202a27ec220e3232ae25e3c855f3fdb8f124848f46a3d89510c564641a2dfea86d5014cea20d3d2d3c1405c96dbeb7ccad910d65c55a32fdca8a33fdd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\el\messages.json

Filesize
1KB

MD5
9aba4337c670c6349ba38fddc27c2106

SHA1
1fc33be9ab4ad99216629bc89fbb30e7aa42b812

SHA256
37ca6ab271d6e7c9b00b846fdb969811c9ce7864a85b5714027050795ea24f00

SHA512
8564f93ad8485c06034a89421ce74a4e719bbac865e33a7ed0b87baa80b7f7e54b240266f2edb595df4e6816144428db8be18a4252cbdcc1e37b9ecc9f9d7897

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\en_GB\messages.json

Filesize
848B

MD5
3734d498fb377cf5e4e2508b8131c0fa

SHA1
aa23e39bfe526b5e3379de04e00eacba89c55ade

SHA256
ab5cda04013dce0195e80af714fbf3a67675283768ffd062cf3cf16edb49f5d4

SHA512
56d9c792954214b0de56558983f7eb7805ac330af00e944e734340be41c68e5dd03eddb17a63bc2ab99bdd9be1f2e2da5be8ba7c43d938a67151082a9041c7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\es\messages.json

Filesize
961B

MD5
f61916a206ac0e971cdcb63b29e580e3

SHA1
994b8c985dc1e161655d6e553146fb84d0030619

SHA256
2008f4faab71ab8c76a5d8811ad40102c380b6b929ce0bce9c378a7cadfc05eb

SHA512
d9c63b2f99015355aca04d74a27fd6b81170750c4b4be7293390dc81ef4cd920ee9184b05c61dc8979b6c2783528949a4ae7180dbf460a2620dbb0d3fd7a05cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\es_419\messages.json

Filesize
959B

MD5
535331f8fb98894877811b14994fea9d

SHA1
42475e6afb6a8ae41e2fc2b9949189ef9bbe09fb

SHA256
90a560ff82605db7eda26c90331650ff9e42c0b596cedb79b23598dec1b4988f

SHA512
2ce9c69e901ab5f766e6cfc1e592e1af5a07aa78d154ccbb7898519a12e6b42a21c5052a86783abe3e7a05043d4bd41b28960feddb30169ff7f7fe7208c8cfe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\et\messages.json

Filesize
968B

MD5
64204786e7a7c1ed9c241f1c59b81007

SHA1
586528e87cd670249a44fb9c54b1796e40cdb794

SHA256
cc31b877238da6c1d51d9a6155fde565727a1956572f466c387b7e41c4923a29

SHA512
44fcf93f3fb10a3db68d74f9453995995ab2d16863ec89779db451a4d90f19743b8f51095eec3ecef5bd0c5c60d1bf3dfb0d64df288dccfbe70c129ae350b2c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\fa\messages.json

Filesize
1KB

MD5
097f3ba8de41a0aaf436c783dcfe7ef3

SHA1
986b8cabd794e08c7ad41f0f35c93e4824ac84df

SHA256
7c4c09d19ac4da30cc0f7f521825f44c4dfbc19482a127fbfb2b74b3468f48f1

SHA512
8114ea7422e3b20ae3f08a3a64a6ffe1517a7579a3243919b8f789eb52c68d6f5a591f7b4d16cee4bd337ff4daf4057d81695732e5f7d9e761d04f859359fadb

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\fi\messages.json

Filesize
911B

MD5
b38cbd6c2c5bfaa6ee252d573a0b12a1

SHA1
2e490d5a4942d2455c3e751f96bd9960f93c4b60

SHA256
2d752a5dbe80e34ea9a18c958b4c754f3bc10d63279484e4df5880b8fd1894d2

SHA512
6e65207f4d8212736059cc802c6a7104e71a9cc0935e07bd13d17ec46ea26d10bc87ad923cd84d78781e4f93231a11cb9ed8d3558877b6b0d52c07cb005f1c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\fil\messages.json

Filesize
939B

MD5
fcea43d62605860fff41be26bad80169

SHA1
f25c2ce893d65666cc46ea267e3d1aa080a25f5b

SHA256
f51eeb7aaf5f2103c1043d520e5a4de0fa75e4dc375e23a2c2c4afd4d9293a72

SHA512
f66f113a26e5bcf54b9aafa69dae3c02c9c59bd5b9a05f829c92af208c06dc8ccc7a1875cbb7b7ce425899e4ba27bfe8ce2cdaf43a00a1b9f95149e855989ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\fr\messages.json

Filesize
977B

MD5
a58c0eebd5dc6bb5d91daf923bd3a2aa

SHA1
f169870eeed333363950d0bcd5a46d712231e2ae

SHA256
0518287950a8b010ffc8d52554eb82e5d93b6c3571823b7ceca898906c11abcc

SHA512
b04afd61de490bc838354e8dc6c22be5c7ac6e55386fff78489031acbe2dbf1eaa2652366f7a1e62ce87cfccb75576da3b2645fea1645b0eceb38b1fa3a409e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
972B

MD5
6cac04bdcc09034981b4ab567b00c296

SHA1
84f4d0e89e30ed7b7acd7644e4867ffdb346d2a5

SHA256
4caa46656ecc46a420aa98d3307731e84f5ac1a89111d2e808a228c436d83834

SHA512
160590b6ec3dcf48f3ea7a5baa11a8f6fa4131059469623e00ad273606b468b3a6e56d199e97daa0ecb6c526260ebae008570223f2822811f441d1c900dc33d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\gu\messages.json

Filesize
1KB

MD5
bc7e1d09028b085b74cb4e04d8a90814

SHA1
e28b2919f000b41b41209e56b7bf3a4448456cfe

SHA256
fe8218df25db54e633927c4a1640b1a41b8e6cb3360fa386b5382f833b0b237c

SHA512
040a8267d67db05bbaa52f1fac3460f58d35c5b73aa76bbf17fa78acc6d3bfb796a870dd44638f9ac3967e35217578a20d6f0b975ceeeedbadfc9f65be7e72c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\hi\messages.json

Filesize
1KB

MD5
98a7fc3e2e05afffc1cfe4a029f47476

SHA1
a17e077d6e6ba1d8a90c1f3faf25d37b0ff5a6ad

SHA256
d2d1afa224cda388ff1dc8fac24cda228d7ce09de5d375947d7207fa4a6c4f8d

SHA512
457e295c760abfd29fc6bbbb7fc7d4959287bca7fb0e3e99eb834087d17eed331def18138838d35c48c6ddc8a0134affff1a5a24033f9b5607b355d3d48fdf88

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\hr\messages.json

Filesize
935B

MD5
25cdff9d60c5fc4740a48ef9804bf5c7

SHA1
4fadecc52fb43aec084df9ff86d2d465fbebcdc0

SHA256
73e6e246ceeab9875625cd4889fbf931f93b7b9deaa11288ae1a0f8a6e311e76

SHA512
ef00b08496427feb5a6b9fb3fe2e5404525be7c329d9dd2a417480637fd91885837d134a26980dcf9f61e463e6cb68f09a24402805807e656af16b116a75e02c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\hu\messages.json

Filesize
1KB

MD5
8930a51e3ace3dd897c9e61a2aea1d02

SHA1
4108506500c68c054ba03310c49fa5b8ee246ea4

SHA256
958c0f664fca20855fa84293566b2ddb7f297185619143457d6479e6ac81d240

SHA512
126b80cd3428c0bc459eeaafcbe4b9fde2541a57f19f3ec7346baf449f36dc073a9cf015594a57203255941551b25f6faa6d2c73c57c44725f563883ff902606

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\id\messages.json

Filesize
858B

MD5
34d6ee258af9429465ae6a078c2fb1f5

SHA1
612cae151984449a4346a66c0a0df4235d64d932

SHA256
e3c86ddd2efebe88eed8484765a9868202546149753e03a61eb7c28fd62cfca1

SHA512
20427807b64a0f79a6349f8a923152d9647da95c05de19ad3a4bf7db817e25227f3b99307c8745dd323a6591b515221bd2f1e92b6f1a1783bdfa7142e84601b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\it\messages.json

Filesize
899B

MD5
0d82b734ef045d5fe7aa680b6a12e711

SHA1
bd04f181e4ee09f02cd53161dcabcef902423092

SHA256
f41862665b13c0b4c4f562ef1743684cce29d4bcf7fe3ea494208df253e33885

SHA512
01f305a280112482884485085494e871c66d40c0b03de710b4e5f49c6a478d541c2c1fda2ceaf4307900485946dee9d905851e98a2eb237642c80d464d1b3ada

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ja\messages.json

Filesize
1KB

MD5
15ec1963fc113d4ad6e7e59ae5de7c0a

SHA1
4017fc6d8b302335469091b91d063b07c9e12109

SHA256
34ac08f3c4f2d42962a3395508818b48ca323d22f498738cc9f09e78cb197d73

SHA512
427251f471fa3b759ca1555e9600c10f755bc023701d058ff661bec605b6ab94cfb3456c1fea68d12b4d815ffbafabceb6c12311dd1199fc783ed6863af97c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\kn\messages.json

Filesize
1KB

MD5
38be0974108fc1cc30f13d8230ee5c40

SHA1
acf44889dd07db97d26d534ad5afa1bc1a827bad

SHA256
30078ef35a76e02a400f03b3698708a0145d9b57241cc4009e010696895cf3a1

SHA512
7bdb2bade4680801fc3b33e82c8aa4fac648f45c795b4bace4669d6e907a578ff181c093464884c0e00c9762e8db75586a253d55cd10a7777d281b4bffafe302

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ko\messages.json

Filesize
1KB

MD5
f3e59eeeb007144ea26306c20e04c292

SHA1
83e7bdfa1f18f4c7534208493c3ff6b1f2f57d90

SHA256
c52d9b955d229373725a6e713334bbb31ea72efa9b5cf4fbd76a566417b12cac

SHA512
7808cb5ff041b002cbd78171ec5a0b4dba3e017e21f7e8039084c2790f395b839bee04ad6c942eed47ccb53e90f6de818a725d1450bf81ba2990154afd3763af

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\lt\messages.json

Filesize
1KB

MD5
970544ab4622701ffdf66dc556847652

SHA1
14bee2b77ee74c5e38ebd1db09e8d8104cf75317

SHA256
5dfcbd4dfeaec3abe973a78277d3bd02cd77ae635d5c8cd1f816446c61808f59

SHA512
cc12d00c10b970189e90d47390eeb142359a8d6f3a9174c2ef3ae0118f09c88ab9b689d9773028834839a7dfaf3aac6747bc1dcb23794a9f067281e20b8dc6ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\lv\messages.json

Filesize
994B

MD5
a568a58817375590007d1b8abcaebf82

SHA1
b0f51fe6927bb4975fc6eda7d8a631bf0c1ab597

SHA256
0621de9161748f45d53052ed8a430962139d7f19074c7ffe7223ecb06b0b87db

SHA512
fcfbadec9f73975301ab404db6b09d31457fac7ccad2fa5be348e1cad6800f87cb5b56de50880c55bbadb3c40423351a6b5c2d03f6a327d898e35f517b1c628c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ml\messages.json

Filesize
2KB

MD5
4717efe4651f94eff6acb6653e868d1a

SHA1
b8a7703152767fbe1819808876d09d9cc1c44450

SHA256
22ca9415e294d9c3ec3384b9d08cdaf5164af73b4e4c251559e09e529c843ea6

SHA512
487eab4938f6bc47b1d77dd47a5e2a389b94e01d29849e38e96c95cabc7bd98679451f0e22d3fea25c045558cd69fddb6c4fef7c581141f1c53c4aa17578d7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\mr\messages.json

Filesize
1KB

MD5
3b98c4ed8874a160c3789fead5553cfa

SHA1
5550d0ec548335293d962aaa96b6443dd8abb9f6

SHA256
adeb082a9c754dfd5a9d47340a3ddcc19bf9c7efa6e629a2f1796305f1c9a66f

SHA512
5139b6c6df9459c7b5cdc08a98348891499408cd75b46519ba3ac29e99aaafcc5911a1dee6c3a57e3413dbd0fae72d7cbc676027248dce6364377982b5ce4151

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ms\messages.json

Filesize
936B

MD5
7d273824b1e22426c033ff5d8d7162b7

SHA1
eadbe9dbe5519bd60458b3551bdfc36a10049dd1

SHA256
2824cf97513dc3ecc261f378bfd595ae95a5997e9d1c63f5731a58b1f8cd54f9

SHA512
e5b611bbfab24c9924d1d5e1774925433c65c322769e1f3b116254b1e9c69b6df1be7828141eebbf7524dd179875d40c1d8f29c4fb86d663b8a365c6c60421a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\nl\messages.json

Filesize
914B

MD5
32df72f14be59a9bc9777113a8b21de6

SHA1
2a8d9b9a998453144307dd0b700a76e783062ad0

SHA256
f3fe1ffcb182183b76e1b46c4463168c746a38e461fd25ca91ff2a40846f1d61

SHA512
e0966f5cca5a8a6d91c58d716e662e892d1c3441daa5d632e5e843839bb989f620d8ac33ed3edbafe18d7306b40cd0c4639e5a4e04da2c598331dacec2112aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\no\messages.json

Filesize
878B

MD5
a1744b0f53ccf889955b95108367f9c8

SHA1
6a5a6771dff13dcb4fd425ed839ba100b7123de0

SHA256
21ceff02b45a4bfd60d144879dfa9f427949a027dd49a3eb0e9e345bd0b7c9a8

SHA512
f55e43f14514eecb89f6727a0d3c234149609020a516b193542b5964d2536d192f40cc12d377e70c683c269a1bdcde1c6a0e634aa84a164775cffe776536a961

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\pl\messages.json

Filesize
978B

MD5
b8d55e4e3b9619784aeca61ba15c9c0f

SHA1
b4a9c9885fbeb78635957296fddd12579fefa033

SHA256
e00ff20437599a5c184ca0c79546cb6500171a95e5f24b9b5535e89a89d3ec3d

SHA512
266589116eee223056391c65808255edae10eb6dc5c26655d96f8178a41e283b06360ab8e08ac3857d172023c4f616ef073d0bea770a3b3dd3ee74f5ffb2296b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
907B

MD5
608551f7026e6ba8c0cf85d9ac11f8e3

SHA1
87b017b2d4da17e322af6384f82b57b807628617

SHA256
a73eea087164620fa2260d3910d3fbe302ed85f454edb1493a4f287d42fc882f

SHA512
82f52f8591db3c0469cc16d7cbfdbf9116f6d5b5d2ad02a3d8fa39ce1378c64c0ea80ab8509519027f71a89eb8bbf38a8702d9ad26c8e6e0f499bf7da18bf747

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
914B

MD5
0963f2f3641a62a78b02825f6fa3941c

SHA1
7e6972beab3d18e49857079a24fb9336bc4d2d48

SHA256
e93b8e7fb86d2f7dfae57416bb1fb6ee0eea25629b972a5922940f0023c85f90

SHA512
22dd42d967124da5a2209dd05fb6ad3f5d0d2687ea956a22ba1e31c56ec09deb53f0711cd5b24d672405358502e9d1c502659bb36ced66caf83923b021ca0286

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ro\messages.json

Filesize
937B

MD5
bed8332ab788098d276b448ec2b33351

SHA1
6084124a2b32f386967da980cbe79dd86742859e

SHA256
085787999d78fadff9600c9dc5e3ff4fb4eb9be06d6bb19df2eef8c284be7b20

SHA512
22596584d10707cc1c8179ed3abe46ef2c314cf9c3d0685921475944b8855aab660590f8fa1cfdce7976b4bb3bd9abbbf053f61f1249a325fd0094e1c95692ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ru\messages.json

Filesize
1KB

MD5
51d34fe303d0c90ee409a2397fca437d

SHA1
b4b9a7b19c62d0aa95d1f10640a5fba628ccca12

SHA256
be733625acd03158103d62bc0eef272ca3f265ac30c87a6a03467481a177dae3

SHA512
e8670ded44dc6ee30e5f41c8b2040cf8a463cd9a60fc31fa70eb1d4c9ac1a3558369792b5b86fa761a21f5266d5a35e5c2c39297f367daa84159585c19ec492a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\sk\messages.json

Filesize
934B

MD5
8e55817bf7a87052f11fe554a61c52d5

SHA1
9abdc0725fe27967f6f6be0df5d6c46e2957f455

SHA256
903060ec9e76040b46deb47bbb041d0b28a6816cb9b892d7342fc7dc6782f87c

SHA512
eff9ec7e72b272dde5f29123653bc056a4bc2c3c662ae3c448f8cb6a4d1865a0679b7e74c1b3189f3e262109ed6bc8f8d2bde14aefc8e87e0f785ae4837d01c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\sl\messages.json

Filesize
963B

MD5
bfaefeff32813df91c56b71b79ec2af4

SHA1
f8eda2b632610972b581724d6b2f9782ac37377b

SHA256
aab9cf9098294a46dc0f2fa468afff7ca7c323a1a0efa70c9db1e3a4da05d1d4

SHA512
971f2bbf5e9c84de3d31e5f2a4d1a00d891a2504f8af6d3f75fc19056bfd059a270c4c9836af35258aba586a1888133fb22b484f260c1cbc2d1d17bc3b4451aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\sr\messages.json

Filesize
1KB

MD5
7f5f8933d2d078618496c67526a2b066

SHA1
b7050e3efa4d39548577cf47cb119fa0e246b7a4

SHA256
4e8b69e864f57cddd4dc4e4faf2c28d496874d06016bc22e8d39e0cb69552769

SHA512
0fbab56629368eef87deef2977ca51831beb7deae98e02504e564218425c751853c4fdeaa40f51ecfe75c633128b56ae105a6eb308fd5b4a2e983013197f5dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\sv\messages.json

Filesize
884B

MD5
90d8fb448ce9c0b9ba3d07fb8de6d7ee

SHA1
d8688cac0245fd7b886d0deb51394f5df8ae7e84

SHA256
64b1e422b346ab77c5d1c77142685b3ff7661d498767d104b0c24cb36d0eb859

SHA512
6d58f49ee3ef0d3186ea036b868b2203fe936ce30dc8e246c32e90b58d9b18c624825419346b62af8f7d61767dbe9721957280aa3c524d3a5dfb1a3a76c00742

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\sw\messages.json

Filesize
980B

MD5
d0579209686889e079d87c23817eddd5

SHA1
c4f99e66a5891973315d7f2bc9c1daa524cb30dc

SHA256
0d20680b74af10ef8c754fcde259124a438dce3848305b0caf994d98e787d263

SHA512
d59911f91ed6c8ff78fd158389b4d326daf4c031b940c399569fe210f6985e23897e7f404b7014fc7b0acec086c01cc5f76354f7e5d3a1e0dedef788c23c2978

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ta\messages.json

Filesize
1KB

MD5
dcc0d1725aeaeaaf1690ef8053529601

SHA1
bb9d31859469760ac93e84b70b57909dcc02ea65

SHA256
6282bf9df12ad453858b0b531c8999d5fd6251eb855234546a1b30858462231a

SHA512
6243982d764026d342b3c47c706d822bb2b0caffa51f0591d8c878f981eef2a7fc68b76d012630b1c1eb394af90eb782e2b49329eb6538dd5608a7f0791fdcf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\te\messages.json

Filesize
1KB

MD5
385e65ef723f1c4018eee6e4e56bc03f

SHA1
0cea195638a403fd99baef88a360bd746c21df42

SHA256
026c164bae27dbb36a564888a796aa3f188aad9e0c37176d48910395cf772cea

SHA512
e55167cb5638e04df3543d57c8027b86b9483bfcafa8e7c148eded66454aebf554b4c1cf3c33e93ec63d73e43800d6a6e7b9b1a1b0798b6bdb2f699d3989b052

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\th\messages.json

Filesize
1KB

MD5
64077e3d186e585a8bea86ff415aa19d

SHA1
73a861ac810dabb4ce63ad052e6e1834f8ca0e65

SHA256
d147631b2334a25b8aa4519e4a30fb3a1a85b6a0396bc688c68dc124ec387d58

SHA512
56dd389eb9dd335a6214e206b3bf5d63562584394d1de1928b67d369e548477004146e6cb2ad19d291cb06564676e2b2ac078162356f6bc9278b04d29825ef0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\tr\messages.json

Filesize
1KB

MD5
76b59aaacc7b469792694cf3855d3f4c

SHA1
7c04a2c1c808fa57057a4cceee66855251a3c231

SHA256
b9066a162bee00fd50dc48c71b32b69dffa362a01f84b45698b017a624f46824

SHA512
2e507ca6874de8028dc769f3d9dfd9e5494c268432ba41b51568d56f7426f8a5f2e5b111ddd04259eb8d9a036bb4e3333863a8fc65aab793bcef39edfe41403b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\uk\messages.json

Filesize
1KB

MD5
970963c25c2cef16bb6f60952e103105

SHA1
bbddacfeee60e22fb1c130e1ee8efda75ea600aa

SHA256
9fa26ff09f6acde2457ed366c0c4124b6cac1435d0c4fd8a870a0c090417da19

SHA512
1bed9fe4d4adeed3d0bc8258d9f2fd72c6a177c713c3b03fc6f5452b6d6c2cb2236c54ea972ece7dbfd756733805eb2352cae44bab93aa8ea73bb80460349504

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\ur\messages.json

Filesize
1KB

MD5
8b4df6a9281333341c939c244ddb7648

SHA1
382c80cad29bcf8aaf52d9a24ca5a6ecf1941c6b

SHA256
5da836224d0f3a96f1c5eb5063061aad837ca9fc6fed15d19c66da25cf56f8ac

SHA512
fa1c015d4ea349f73468c78fdb798d462eef0f73c1a762298798e19f825e968383b0a133e0a2ce3b3df95f24c71992235bfc872c69dc98166b44d3183bf8a9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\vi\messages.json

Filesize
1KB

MD5
773a3b9e708d052d6cbaa6d55c8a5438

SHA1
5617235844595d5c73961a2c0a4ac66d8ea5f90f

SHA256
597c5f32bc999746bc5c2ed1e5115c523b7eb1d33f81b042203e1c1df4bbcafe

SHA512
e5f906729e38b23f64d7f146fa48f3abf6baed9aafc0e5f6fa59f369dc47829dbb4bfa94448580bd61a34e844241f590b8d7aec7091861105d8ebb2590a3bee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
879B

MD5
3e76788e17e62fb49fb5ed5f4e7a3dce

SHA1
6904ffa0d13d45496f126e58c886c35366efcc11

SHA256
e72d0bb08cc3005556e95a498bd737e7783bb0e56dcc202e7d27a536616f5ee0

SHA512
f431e570ab5973c54275c9eef05e49e6fe2d6c17000f98d672dd31f9a1fad98e0d50b5b0b9cf85d5bbd3b655b93fd69768c194c8c1688cb962aa75ff1af9bdb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir12612_264630609\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
843B

MD5
0e60627acfd18f44d4df469d8dce6d30

SHA1
2bfcb0c3ca6b50d69ad5745fa692baf0708db4b5

SHA256
f94c6ddedf067642a1af18d629778ec65e02b6097a8532b7e794502747aeb008

SHA512
6ff517eed4381a61075ac7c8e80c73fafae7c0583ba4fa7f4951dd7dbe183c253702dee44b3276efc566f295dac1592271be5e0ac0c7d2c9f6062054418c7c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2584_1352488848\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2584_1352488848\CRX_INSTALL\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2584_1352488848\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2584_1352488848\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2584_919149040\e011af24-58aa-43a6-b8dd-fee99dce22f9.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
d61c5b975498fbfa2be9d040e16b0022

SHA1
7305845103dd438b769fcdbb889485ae435620b1

SHA256
18b079cacbc7093a09462929df6b5bcb15c63ea6c7200e3e35bc8ed4bf77adef

SHA512
c5cd7e58eb1831391c6b3ed0b9064be223b7fd28f12a32e642e8a4c31a0a93baf84d470d246076e9bfa45759c6a1fe42f5d85979e265f03f5d0ae5f58448ff20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
25265b9080ae496517106ffe2e0d4024

SHA1
7fde14659b6a1f8d9a88f370e727eed10497d3fe

SHA256
fd0075f7c549bc58f4ca1996ae89a62fcbb794b217d627cb90e30a24fb3f387c

SHA512
93db4240549d8fd6eda90ad16dabc0763aef22c0f0e4f667833762c6c01ac140b6a2253c667f60bcaa0e624e172d26ed7935164467b9d98df247b405fe1f4629

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
deda3936a1b1a47a1633eee1c6cefbcf

SHA1
41212fab7077bf2830fda9c391e3262d65ac16fb

SHA256
e2fb278bdb56e716542befa14adec5afe81a077aba335d200e8242924b79a55f

SHA512
cc53fcd56a2c2e53fb3cab999e22b4ec95345cd8016003e9584aef5cb25e9cba50bbff6f70eb8c6cf12748d1d37d35ad136b915cdc248dd3a058137bb407cd8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\AlternateServices.bin

Filesize
6KB

MD5
da46e7925fd8ced2ebe4d1c89462ed09

SHA1
4fa0773711c4960b30f06ab04fcb9f1df1aca265

SHA256
153555c8c2613362d503f6f6fdb3b017fb27bb373b6879b7b86bb78565a7c7e4

SHA512
b46f2515417df4fe80d971499fa56dd4a5464e18d6caa262a23de0441c761257d4b09a51fcb7b921e644eeeecc49608d720e00bf7cc4ba9b410f8cfea52d5e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\AlternateServices.bin

Filesize
26KB

MD5
7e3c7405c5442bc0761593216fd32dc8

SHA1
77ad0672ac33263f4b145d7e10662776a29bcb8e

SHA256
b84d2e99e26f44c79d4ddc136f8d48478ded545b15dd25b38d7feeee67841011

SHA512
50c18f327b796d4f1d06fa946f4ea9cb1897a9e8f95f55dd91362a0ffa65f893f9db88f64344dc42f6d221c7b1b6bb7a0fb619d6dd61cd371a64b1abe8378c29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
c0bd5865a28a2b2552b644e7714005f6

SHA1
139f61ea3ae4c69d0dc7953848102a36198d9610

SHA256
c66350cfa7bc06aec3c89c36c42c8c8bd8b6b48b4e96e6a98da966d0637207e6

SHA512
30e329100b3e2c6452d797529c92d03788d12d548e3e071b21f6ec6ca483fbcd9ef5ce66f4c72594e05675c175a48cdaf8232448e46280d7198ae90317f79a3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
47133c10825359d8de64fc16e1c8ade3

SHA1
4b4d988598f2bc0c5c215f92530e7fda6b5d0275

SHA256
7f84f870ef3becabc820a2e6606fee482c3957042ca36ea25b89a49b81b2ab8d

SHA512
6f829d2be3a6ce6e84729806341fa4c0312bf6caea62e892d276b9fbc584c27c059f70417ec592d9b99a1960c00375faffa561429a697e39f84140debb2ac9a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
edaa83647e84a0779e3fbcdb363419ee

SHA1
578dae5058a1807e4f12140a2b3cc5efaddfc88f

SHA256
e8b194fd643200af857150b4c9f734ed92ff20cd9608ef492c76f10d00d9ee3a

SHA512
2e52d9b2f1695032814e785ede1f12a1d5cd13a95e2b666868146ef441287faf14345ffd5dc5b896835877d106d78a048a81e79ab73e090392b0174858a12d41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
01e326e845933809b4bdd778840b179d

SHA1
7365de2cc31f47e0e75d6324f9dc6091dad8f187

SHA256
4f5983343e96d2f22de558e5685ccaefe7b500dfa460bfcbc27bf8c3815b525d

SHA512
c49d584f34c920a28924f0a9d3e09f23411ca9b24421a936794f6518a4d25f2b047c10941c05d92cf5760ad833432e9033d9a78cbc9594e21264939c17852f20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
a4dbd1164c26362ae9ad5ebfc3d4962c

SHA1
cd94e768280da04d5c46c48b22c3cafef6a2e4a1

SHA256
b87a7eef5eb39040f6a09908b3773c5a9ef1696b3ba5b7f46d8949a12bcb0db6

SHA512
d402f67f4da40897e67d6c77e8f094478c9e9b9a9b20cf184406602071ddc6a169f35e1280857143cea54855750ddb7e78efdf13b046765e7db66be46ac7596d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\pending_pings\4d20b9fe-6d5c-478f-ae1e-f31249a60f60

Filesize
2KB

MD5
5fee0bb492452bbe59e9f59ebb1eadfd

SHA1
a7fb5036493aa81d3689b87a7d52929d62c97c5a

SHA256
28d129aaa4fe0edb3fa3385bf37ca231fff6cefed8ba706e6fd4bd7131ea8fc7

SHA512
ee8f2bca55ad6060b147daeef3a18c600f3ff773a8a8d092d5431ad210868d0fe85eb8d0a8b72501a08f4f225edcd8e31f6f416c5beaab8fb347cde69bf8084a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\pending_pings\5fd39e1e-ba81-4038-a267-157eeab71370

Filesize
16KB

MD5
2c26e8009cddd54d4836e54d0fc104d1

SHA1
6be42ca1df378291efde40bdeb85b44fc32129ee

SHA256
ae36536a1a1de78ceec6a7402bb5c41de78256c6be2b2538008ab743af9bb31c

SHA512
8739c0eacefc4e2e56c47beec69b604369ff40607d436c40bd1f7dc0bbffc05699d4ad8e77e135491ffdc0693d381c6777fc3938817ef821fd38c3b6e2fb5604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\pending_pings\78739eef-ceaa-4ad7-b054-61620d25c83a

Filesize
235B

MD5
2bd60e272ea4fe5ef7b888c9da3c11bc

SHA1
f25c333fa11c8d84903a12e8933dfb3d850e9f2e

SHA256
30b1396f9c07035b86e0436315f514f1b872068e009b85094d5b8e6681ab1faf

SHA512
e11a73e2b6d31d778c6351b8abbd76ebbfc41ae6baa6f4e9b83b661d7a02bfcf7a2e54d014698a9651a9d17751f2cf8d7f822f17e17e3d69281180e0943dddce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\pending_pings\d6974970-4689-4c8b-be70-77bf98396f79

Filesize
235B

MD5
65e2186fcbfa811bfae6613d18436cd7

SHA1
fcff31aadb0083113dad4f7bf1117a0c5c6f3c10

SHA256
24e73b4e7c30e73346ab0834f6e0438418b18bb93350e2fff0abc068a8c37f4e

SHA512
e0ab0ddd45a9098731907a4b79567fc5e49216d0723deb08ffd83c4d94d1edd7afaa975d5aab43af19d3635fbc08d5b1fdc7334726228a54ecae04119f70f659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\pending_pings\f2262174-f6f2-4c28-91cf-a06f44a01a62

Filesize
886B

MD5
9b1b49f7cc2f2cf3afd46c02232d5386

SHA1
ba10ba2e61d9659423571241f1e1b93f4c8ce460

SHA256
83340c2648cc3c1c06cb4cc16da5bda6b600e75dc7d33a9c9f6feee4ace6de31

SHA512
703f5a2fad927cdae2af509b891828c98b0f601c9a2903fba6d28a3256cd5f0ceb51146415e5f0f24842a4ccce1847a02eda58dda1201b36b0767f37a9774caa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\datareporting\glean\pending_pings\fee69f03-52a4-4a72-82b6-6d0e491c40a1

Filesize
883B

MD5
a0df37e12a7da1ddfbd4203d2d6368a2

SHA1
30e7a40721c10235f06e86db051c838d906ee1e3

SHA256
80bf116a38f434370e8891a30870a9b555069e48d97d58eb678abd4a5daee5a6

SHA512
1c007fbe74778234a58f56bd8db795336bbba156b9216926dfebb85664d22022ebc413fcd960bcd81d9d167450a50588f0dd1eb2fd59d6d51f179107dcf788eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\extensions.json

Filesize
16KB

MD5
c243b4ee501e7a38825441abc740de9e

SHA1
87abe4070dbcdad80e3829c669f454eeb276f689

SHA256
19db19fed29dcf63fdcc6cf7d92f4b36399b23bfe834bc40eab5221cfeda7223

SHA512
5abaa91663b056ef5836cfb66ac330c5fd14f0adc2b186e4be459710d647157d4f06b84cc60d63e5ef44affd8969295a73c897b8be56472170fbde86cf089f32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\prefs-1.js

Filesize
7KB

MD5
70c235a911fac3de0eb66ea3fad32d17

SHA1
9daf2e8457466c8dd04f0b2e354c4d0811b9cbdc

SHA256
f10e98d57124e3b4fa32641b6f28581fca5ce863a1656fae281318256a164060

SHA512
3d08fa5e32e52ebdf7f71e029335bf800238425d9106d05704f5c2b6e79da015a77892676fdb5407d8de1d5241f15f1900d7abeff09b6fdad6c4728ebf0e3839

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\prefs-1.js

Filesize
6KB

MD5
44243922d2734e045a796955f7edc7c0

SHA1
22027106611c3410fb68727fc9cb3420325e127a

SHA256
dd2696049c7d2759c17d92c933ca45051aab32604de98d4c3ea7cdd9c7ec7820

SHA512
bcf09539a04d2413b1a9c494978d26768636d8df7757a816820a65537d13e901d069d1e9d4fd974673a54352a253a1675d9d7e1c937c0545d55b94ec408803f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\prefs.js

Filesize
6KB

MD5
70451b12bd52dd57aa0896f0522cefdb

SHA1
57c98c3d67a6bfa6be0289f8a90a249c578dbc9a

SHA256
f6bb8455522c6a398e7b76d2beec27a884028b4fff583590edf8e4aa0e94b29b

SHA512
535a2537b053a01c07ab09455187f4eac327676263f9e140a9e9f75f14f23b6f5b4f46a5dbb4d5add0d0343134f3f342840aafbe9b80250ef34725205718782b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\prefs.js

Filesize
7KB

MD5
61ab60fd9a257b462e7b5dafcfdad684

SHA1
a0d944f6abdbb8fb22c17d0df9a9ca37d640d564

SHA256
30790eec421dc6fbe215709af59702656de2bd12a6a53af2c14a32072aba028e

SHA512
abec155a7258cb1ab56b6df4906ec01d66f4767bcf40c02c02717fa7219558dd6c5a277219e5db89ac4bafd830789f4d94e125a8b0f67406af655c654b953e7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3fc2a55ea1fee10e727a218b1a650069

SHA1
4dcf8d56d4b8f3a91dff52215598d2cc0c481047

SHA256
0168e26b60dd476e8eb974747fd2ca3fcba1c03d147dd2a6368253c22e849ac0

SHA512
b819e9c22aa88d8d999d967578a5130c4803470fb56985944d63edb485e89e67d177e55d5c626059fa84839290ee9a06e4c271d87c3040aa167ec172a4c3570e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
9ed635cc13aefebbc471241d60b7461f

SHA1
4e4173ba53d102653fa446d994edc6072905bab1

SHA256
9c44e839f835907a99877baec39bf26284b63ae44374dad403af39394a1d3887

SHA512
c3f1c34dacc1bc720aa2410f2bee4392ff9f3228b83a8a6373dc46e9ae2dae8fdaa1edf8facb92b7316d5720d57dc740d42052421b254a5fde2357d6ea196a5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
1b9eba358a91cdd9aab4f430ddc4e543

SHA1
7194ced31454a5033b66f7bc6f467ee7cc3ab3d5

SHA256
e2cc0f4a6d9613187b03340ef4c8b959358ec31f84ff3de3d4f4fac511bc7e42

SHA512
ad262e094c0d02180370949b291a06b24fb8a2f47cdf6d900772dc6cdd1ec8bb8b8f8b3fdb370a348853fbd717de2df213e68d6020f58597199bb76c5a8b17b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
8a9b435c025cf157830e76da97df72eb

SHA1
bc321dd486de485f0cb422e3ee9a1aa0dd0d74bd

SHA256
028cadbee130ebba2cbfe89c4c90c42c77137a943b7f702d1cdd45607ca47cec

SHA512
af50c290c7c080f7e3b4849b724817034f36883a7b640fc15555fbeb8cca34eb074e522d62e1cd5c0bbabe61757647f85dba138a394d4311f77b3fd991899daf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
4b5f13d37cc4de293b220a9aa54cdca3

SHA1
6993f14ec37a98826f41c8307eb1756168be9bed

SHA256
8c1a65c6b38d11ae55038d839cde8ab4e4d9ec16c4cecad5ee46b282767e92e0

SHA512
31a4f666a233b249d5322e3559d68a961e306edfba0158cf9c4c23652bba90ce82141bc9096baefbe76e7c5a25b9c4c2428ddb518996f59447ef71569235d320

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
913b8ab31e1fd4fd0514f95edec3aecc

SHA1
b615f5fca68f6c4baf353156779a777c44705d2c

SHA256
7e5d90e639216ebc0fc8a608bb3e1478bb70342caceacf5579887d51020878f8

SHA512
c0cf2cd2f34643e368ea14147292e764d2cf2626d6a57b86c82bf38b82e37b1096912f1fb8fdb6ceab06eae1794bcf8b07640b370119e31d94e3a95abbc566fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\storage\default\https+++www.youtube.com\cache\morgue\45\{67fa3dd4-4eb9-4b48-a533-af82e3a7e22d}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\storage\default\https+++www.youtube.com\idb\4070839745yCt7-%iCt7-%r7e5sap4o.sqlite

Filesize
48KB

MD5
cd57860eabcb492ab40d91fe94565ead

SHA1
7de920eb02153e41de875948dad25b32d98ce039

SHA256
c579c037287a9a298d32765fc196f8f1dba8d9bf6260400ac90d4f1339e60787

SHA512
066369f6f9595e4e40afaaa801105f231c3e5efaf6e0c34a0f243bd55aa8edaba72434fd95b92319c63069c1b1b6ccbcad76472254812887cb82ca8ca9d297ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6xthhun8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
8daa2b80cb8473e3deaa782b4503eb8f

SHA1
643423bf3ca0866f568b1cc13b360aa0d8042c04

SHA256
fa5f2b5c42859c5d3bbfcdad97411af649908c25d9d7e26f658197dd0783f2c0

SHA512
09384679831b675cf96afcb1cd51147bde669cf51c5761935bd1a4f0671563669051b2375117a0b685f2e017e7ae440f0b996d01d659d980df621aedad04bf5d

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\74da0739-013a-4a03-80c1-f97aa914514b.tmp

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Local State

Filesize
389B

MD5
8f56581a8a11966edc0ca5aa0b31a610

SHA1
d4f85af5520bb6853477ae51dff6fd8a343e0613

SHA256
7becd4697df664c43783d0015741d3b1c7278ec2b2111b7f5f8940370aa757ab

SHA512
02858a9d60adc66f0b9cf88040e5100433f1490317fd2129481466df0eab67bbb520dd0d9c5489ceea570dfb30abd441dab6265ca032fa5a388003e54272e08e

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
524B

MD5
18427afa97ac791a4b73d13c1ddfa1a1

SHA1
989219338e6162c1efa49bfa148b205d1dffdd54

SHA256
1509ed9a675dde6ae43dbc962b5944d420080d7b5489c1a2a44d460af2193648

SHA512
297e30aa7b071f4b17bed50294d8e5f519614d8aef604ac63da72467db13fe307e00c97db8fce297e492b77bb08a4d7ae552e2cdd8782d682e6c834e633d40d5

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\fc390c54-8d91-4d0b-82ad-e24827185718.tmp

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
92B

MD5
f57ce28778ac0394d09f76a57d8f8169

SHA1
b0db202b771d3a49c28095a7328f1cc6fdb2091f

SHA256
7af86774209f7b8bca6950a926c2db764cf907e6d353ad374e2fc5ea5bc66284

SHA512
bfe78ae4876307bdb7e4a18414194462d6cf8a0255afd08601de0ec657e348917c0c0189c4fe94c8fde5f44c42c95dbf71e1bca3ba4710fe74f936acf112e52c

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-3194867796847006

Filesize
119B

MD5
30ba7e09a5ede8132d74afd99a2ee3b2

SHA1
dabb6eb552e30318a4eb20570ffad810405a8a8c

SHA256
5db5471b09c6a0d454b4511a53901dc411b36dcb83997ae89cadca8e8c9a5444

SHA512
fb47e9cde4ae4afb25fd79b7035d6336ae7c7fe1bf4f2bb0bf920267e21a806a68c9706cd89a6ac91e52c535cec2a582670b8d9e86d9990e4d5c95fa6c08ceaa

Download Submit
C:\Users\Admin\Desktop\Work - Chrome.lnk

Filesize
2KB

MD5
8d2ea24c0b3e8f8d4d282a59825958ab

SHA1
f155c24720a58daa2c28df91c0b12c0ab6f075bc

SHA256
8be6d309595ac39ebc3fbbbe05166c71a2f8ca2b0eb7b72d313df04f4cc49d30

SHA512
707b000d7997639102cf3b2a79c774290e5b8b3bf31eb47c0b9e904ad67ef7f610532206f7b4acf8d82dd6e204ccd35310c38c4f869c3ef86825116c282fe0cd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 108609.crdownload

Filesize
919KB

MD5
2887e43ad15505deb2d4e4e2c9498b95

SHA1
f3e160d2bdf82acb454d6f38b688e00b72c4d494

SHA256
7c2bc3fba73630ae6b2f4ce234e4aef619066c5e4df25408d5635dd749a610f4

SHA512
cfc254131c72ddba0c7c23395776689933dd7e82ebe39fc55b4db2dc70d730c699d200bafa299d67e71057ccf7e2bb9899890cfbf7b58a9576a71d2947e40915

Download Submit
C:\Windows\System32\storage.json

Filesize
51B

MD5
aa9ab927f7bc1bc84ada9519e58f9650

SHA1
a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4

SHA256
3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094

SHA512
b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\128.png

Filesize
4KB

MD5
d056cec3b05d6a863ddfa7ee4c1c9f0c

SHA1
dcd15b46dea9d234f13d7f04c739a2c516c973f1

SHA256
ff702ca753a7e3b75f9d9850cc9343e28e8d60f8005a2c955c8ac2105532b2c9

SHA512
751274949b04c7cdc5e8f5f20fd062bfe130f1415eee524d9d83bcf1a448fbfb4b82dff8bbf7495250a852779c3d11ac87e33275508a4064f9d52417f4ca230f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\af\messages.json

Filesize
772B

MD5
7bc8fed14870159b4770d2b43b95776b

SHA1
4393c3a14661f655849f4de93b40e28d72b39830

SHA256
aa12205b108750cf9fa0978461a6d8881e4e80da20a846d824da4069d9c91847

SHA512
7e943b672700edd55bfd2627f4f02eb62eee283e29f777f6660fbdbf04f900757272c5fb8a0c8744c197a53eadacd943598b131fa2d9594d39e20baa2a9b79f1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\am\messages.json

Filesize
1KB

MD5
83e0e58d0752ff7c3f888e6406413b84

SHA1
14a8981e4355301bb3073db6d7ffb337ef8482e3

SHA256
64e01bc292ba2ea1699576fcc445367047520ee895e290ccee20c24c9336d8ef

SHA512
fc772bd3d6ac64110562aaca7d320f49ffba4e1f9ac2e10456fcb75e172d086d3ce8996cfc64b33b2ecdf4f6b96e38905e671c1e6ba5205fede9af4a183812c4

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ar\messages.json

Filesize
2KB

MD5
c825621044e4d5c504404dae9752285c

SHA1
68c1e29daf042487cb76629abcdc03f16fccc92a

SHA256
47652115cbb912907f405992fcfc64f987642158f0cb35c9d6e0d4742d833802

SHA512
4aef3e7a747e290be8ba10e22e670c1c2dc653d4311020a4fd3060205fd88bb5d13d9edf388fc18919abe353c62d6841a4ef87e38064430299e52ca16c81941e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\az\messages.json

Filesize
1KB

MD5
c603747b8578c1324dd262565f643e06

SHA1
5cd18bb971af007d9a589377a662688daafe7519

SHA256
614470da3c5034ace649f1786beaaad2c94f4475bcc8858390b721f06fb7bf64

SHA512
59a5b29459e6a10628ab95ed620ab159dacde2d98dc2c3dc7949d0e5e253f2be7a21cb13f0ee8ae0e2f85191a520c9daf797fd93b27c39f53b1faa8aef1b706a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\be\messages.json

Filesize
3KB

MD5
68884dfda320b85f9fc5244c2dd00568

SHA1
fd9c01e03320560cbbb91dc3d1917c96d792a549

SHA256
ddf16859a15f3eb3334d6241975ca3988ac3eafc3d96452ac3a4afd3644c8550

SHA512
7ff0fbd555b1f9a9a4e36b745cbfcad47b33024664f0d99e8c080be541420d1955d35d04b5e973c07725573e592cd0dd84fdbb867c63482baff6929ada27ccde

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\bg\messages.json

Filesize
3KB

MD5
361b516edf253851044dae6bad6d9d6f

SHA1
d64c297cf1977cd8ad5c57d9b0a985a4de4fd54b

SHA256
22bc37b47ce8a832f39701641dc358357676e9be187a93a4c5d4b016e29238ae

SHA512
b2614c53e93e705a93b82db9fcf5259ca44b10b5e5237967a34f68607ab2380ea0c8e5df4ffd941d914617fa3538fd40c18df7d3c9808c5f652852f01e214c77

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\bn\messages.json

Filesize
2KB

MD5
b1101fac65ce2faa3702e70fd88957d2

SHA1
06ebd889fad9ee2d5d5083b10abf7b2a4d0e1724

SHA256
3e3ceaa214d8079b02c9c941635f5d45e621236d9c3f82e06ac604f0772670e8

SHA512
398d03bd3b51e2789d0573f5e4792c13193c36539e8fa35261bc3b9a991a155635e6d44a9999b42d3dfa264e3fc329e11dd65d6e1408c4076a49576e7e5ef4ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ca\messages.json

Filesize
843B

MD5
fbb841a2982166239d68907361f41f61

SHA1
4a8d76a6fe1bb111fdbdfd42d1af0019a97fc540

SHA256
de6d7b7c2427ec4e738407d7834b71941f69166b030355e00f325ff1391df5a1

SHA512
8db540b4c9e250d3781797238b1d16ad820c568edc563bfb912872ab99950def7e89ee432c696ba9876e3d7b24a4e4c26fa5b0fa9e76a54e11ae63996e02a561

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\cs\messages.json

Filesize
953B

MD5
48663a88dcf0ef6c9fade9bee4935b91

SHA1
af7cad1498bb4b0f05c1468abe3563d0182a97b4

SHA256
5a701d67910ba6c7ccedc26e02fa707cc86a1be57cd7d36290a3d268732a42c7

SHA512
3c3e5b9e56535efe1e20d6024b6fa46d3ea969c971d5ec8f5af1c933c1feb75d25e7f26c9e2bb8d200bca70ea1f1bd7e93e4e1c09dbc447340cdbeefa91cc33f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\cy\messages.json

Filesize
806B

MD5
a86407c6f20818972b80b9384acfbbed

SHA1
d1531cd0701371e95d2a6bb5edcb79b949d65e7c

SHA256
a482663292a913b02a9cde4635c7c92270bf3c8726fd274475dc2c490019a7c9

SHA512
d9fbf675514a890e9656f83572208830c6d977e34d5744c298a012515bc7eb5a17726add0d9078501393babd65387c4f4d3ac0cc0f7c60c72e09f336dca88de7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\da\messages.json

Filesize
764B

MD5
0e451c9c8453577e513aabf630c275f2

SHA1
5912cc58aa82bc75691540c8aeaca7c68641539e

SHA256
94cddb998c2c5ab40b6f074c359a60e6eebaaa2d52a9649c22f4ea4c1b9936f2

SHA512
a89dcc1ec8c79e7cf702692e20ebc952907b2fb1d76a3beef60d7415baee24e055e2988b55e12ce00bc112c115ddd9d46d63bf0a1c511fffb041da7054391f80

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\de\messages.json

Filesize
927B

MD5
5daf77ae7d2b7dbef44c5cf7e19805ee

SHA1
48c06099aee249dd05b268749836e3021e27cfb5

SHA256
22e2828bfdbb9c340e7806894ae0442bd6c8934f85fbb964295edad79fd27528

SHA512
b9fe759ba6a447ebf560e3ac6c79359e0ad25afca1c97da90f729dcd7af131f43c1f4bfcb2cd4fe379fff2108322cf0849a32995b50188b52258bfff9e5ca34d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\el\messages.json

Filesize
3KB

MD5
32886978ef4b5231f921eb54e683eb10

SHA1
9e2626e158cbd26a2a24a50e4e8cfd98a49984e9

SHA256
728d8cbd71263680a4e41399db65b3f2b8175d50ca630afd30643ced9ffe831f

SHA512
416832f007470bf4d9d915410b62bd8159029d5ddabed23d2bbc297e4bbae46f4346feb68c54163428a6932c537967ae9ef430b9fac111f15cfb001a480799b3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\en_GB\messages.json

Filesize
708B

MD5
c4e77421f3361277f7e3aa3472b5eb10

SHA1
f8ddd7cd0cce742e68443d173196471e8a23bd83

SHA256
c7255e9b784c4b8df7df7b78f33a5737a9ab7382f73465351597b1da9b3d5fe7

SHA512
6c11cccbfa6e841d90fa5b41f46de5489359335dd59ccb06d5148e7d2ce3af1422b93eb574360be4695e69d851befed8a2588dd411a7b0a553cb621238d474d4

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\es\messages.json

Filesize
878B

MD5
59cb3a9999dfbd19c3e3098f3b067634

SHA1
bcfdf1c9c7f5d0ce35d7918060ce704a99803bf4

SHA256
02168993a23e074e0800cbb338fe279f99ef420e326bf92916ffed83c1f06533

SHA512
9968acb9821bfff6f427aabfcde3023f5a6f588bbfc0efd2275f201930ec5e16d64ff228c76f77958d36091a3dbd510e95385f0cb99a3e4dde693f34e9e3ebf5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\es_419\messages.json

Filesize
880B

MD5
94bc2d5609f6d670e181e1ff0d041869

SHA1
58d2c17878e7b6e73daa544b8ca7774e5d902a17

SHA256
e848603b7a73a88e3fe7bffa20e83397f5d1e93e77babb31473cc99e654a27b7

SHA512
04bf79f675888c79b270c82e3a0e7a07e24205e2159e2d98eb4585aee5c0d14c6be3a3d169d4ea702a74a76f9e622e70a181dcd9ae0cb9f2472550fb33e9565e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\et\messages.json

Filesize
914B

MD5
b18007bfc2b55d2f5839a8912110b98d

SHA1
842ecac418424b2fff4db81e4385d59e098b65de

SHA256
7ccc7b17bfe01c3c7dd33eff8f80d0b57fc9b175815e766c9c1c1e893725e20f

SHA512
166937891553597d585d17fda2e7ff2bffbd3731841ea6cdcb7add528a55aa7c257fc191d029dd1f57afd4349194c0cc7413c3752641e8217d465674b62b8ae0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\eu\messages.json

Filesize
838B

MD5
29a1da4acb4c9d04f080bb101e204e93

SHA1
2d0e4587ddd4bac1c90e79a88af3bd2c140b53b1

SHA256
a41670d52423ba69c7a65e7e153e7b9994e8dd0370c584bda0714bd61c49c578

SHA512
b7b7a5a0aa8f6724b0fa15d65f25286d9c66873f03080cbaba037bdeea6aadc678ac4f083bc52c2db01beb1b41a755ed67bbddb9c0fe4e35a004537a3f7fc458

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\fa\messages.json

Filesize
2KB

MD5
e578e08ee604158d674982ba060396fd

SHA1
fd601092203317fe9f576fbfd675e274001efa80

SHA256
e758273c25fbad804fe884584e2797caefbbd1c2877dfd6f87ab1340cd25252e

SHA512
131c75cdbc4a40068cf97d7becad08f49e77a9bda3fb1cc50501b0007273ee5c6eae2f84047d97f72b6fd9f28f65ae544eb807057a54a6e009b9bd8fb8ca4df1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\fi\messages.json

Filesize
840B

MD5
1d4778e02337674d7d0664b5e7dfcbbe

SHA1
fe1763ac0a903a47446a5896a2d12cce5d343522

SHA256
a822b0e66d04644d1cfbd2517736728438743162c3213f15d986e2db85bd0213

SHA512
771c7ba7f93a6e9db94593897d495e190e58a9b9c490523cc410059e72538005e2de96864dbbed8bd1f01eaa4d1cd022443dddbf759a606e2903c9ddecac43fe

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\fil\messages.json

Filesize
799B

MD5
f954b2e970dc96e5889499db7392fd59

SHA1
39f56f0ebfe92c96e8bf91f82cc4fddbed1e0aaf

SHA256
41ce6a7b18364efecced0419b42165d4f86c43643bbe1043014d4142cf86186a

SHA512
23610477834ff51e93fe9467df997f9aeee63ce3a8a51464b87b1828dce25d50e0bf2f28df139ec59e6c6425b81613258de211735ab2e470dc63c9cb5a1860e0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\fr\messages.json

Filesize
902B

MD5
85718fe4820c674c5305d33dfb5cbddc

SHA1
d4170743349f3e037718fde17bc63a369c2e218a

SHA256
6713b69b6c9e80b03e0a9d4a7d158197b0c7ec8a853c64c0af0b1a05ce54d74c

SHA512
678e934f8d4a1bf0b98844b796eaa2471a78911d4020bf755871650dd0adad6bf7b475d9e5bf68b6a911ed330308a08698706d9460df003648b612d97848e652

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\fr_CA\messages.json

Filesize
901B

MD5
681422e3fcf8711af8eefbb75a607c8e

SHA1
3d3576a989c8010a397888429476f2800052e79a

SHA256
af889c1deb6f9248961c2f8ba4307a8206d7163616a5b7455d17cead00068317

SHA512
2546c274749a75c09e8255b6fa53a080a14bb141c748a55ebd530b6f2ac8adca3111320511628d4eec2b39a8710578ff16929b06ffb1f9c2093d3f1ee4c6f601

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\gl\messages.json

Filesize
927B

MD5
cc31777e68b20f10a394162ee3cee03a

SHA1
969f7a9caf86ebaa82484fbf0837010ad3fd34d7

SHA256
9890710df0fbf1db41bce41fe2f62424a3bd39d755d29e829744ed3da0c2ce1d

SHA512
8215a6e50c6acf8045d97c0d4d422c0caacb7f09d136e73e34dba48903bb4c85a25d6875b56e192993f48a428d3a85ba041e0e61e4277b7d3a70f38d01f68aab

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\gu\messages.json

Filesize
2KB

MD5
86de754c2d6b550048c9d914e55b5ff0

SHA1
5b6654101b3596742be06b18ef2a5d81da569ee5

SHA256
cc3e9077fcc9bd0dfc5dd3924c6c48b8345f32cee24fccc508c279f45b2abe61

SHA512
3a8d326b91141b18cb569a93bcd295075e94a0488f2ffe5afb80a4cb36e4523e28c87d91a64ed255445470ad6c8a34948fe091e709e8097dcdd06eba1cc52887

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\hi\messages.json

Filesize
2KB

MD5
4a9c9f947b479e5d89c38752af3c70ea

SHA1
799c5c0ba3e11ad535fa465ab87007c36b466c6a

SHA256
14895bf43ce9b76c0ff4f9aef93dbe8bb6ca496894870cf0c007b189e0cef00e

SHA512
293d9fd5b207c14d1ffc7945f80d3c2dc2d5450bdf1e7b7962767b8d330c9255da16dfa677234198569f4ddfd00bce82d70086df974afe512769597039e21cf9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\hr\messages.json

Filesize
863B

MD5
eb6c5133c1fe7f9e8e4449a917d185d9

SHA1
9be42ac75487a77dfbbf01ea2098886e69956356

SHA256
985976b776e729835e047c81d3d731a6c488a6459aa8918dbc8ec808c0bf73a1

SHA512
1aba115b30c99e786845c137ecb8beec4b5162c59d10724dcc083ff6b91a47af45ca850fc0b3072d44be189b31abb67423c88369171b0c411ccf7ae884fd831e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\hu\messages.json

Filesize
1KB

MD5
fb8d08676aa88683f27a2759c5837529

SHA1
80badd0de6a8d87a8e14232f71fbcbe231eee443

SHA256
cf26310b073b0891996ecd761c6cb53f00193dee524213a9fb34225d636ec4b7

SHA512
5c4307b653cd841af14a4b57f225938be54d718c979fa4008513461fa6f8409bc82e050f0b32e587f8e52d5580aa7c6d667aa94b30a588cb87de585b015fe176

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\hy\messages.json

Filesize
2KB

MD5
55de859ad778e0aa9d950ef505b29da9

SHA1
4479be637a50c9ee8a2f7690ad362a6a8ffc59b2

SHA256
0b16e3f8bd904a767284345ae86a0a9927c47afe89e05ea2b13ad80009bdf9e4

SHA512
edab2fcc14cabb6d116e9c2907b42cfbc34f1d9035f43e454f1f4d1f3774c100cbadf6b4c81b025810ed90fa91c22f1aefe83056e4543d92527e4fe81c7889a8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\id\messages.json

Filesize
718B

MD5
3fefe403f5f537d9a2d28ab36b2c1a94

SHA1
dd674520092f333aff63138f660987fbd8fa51e0

SHA256
35872a3343d4b4768fe4702a8dc18b749933e81210db13466ad172bd2880f6eb

SHA512
45182775ac13b1f9406bc9595e822f24a9d8b854254e0d71514e1d99625b12b9cd8bc3226f04b1dfc79248f786f925b9b88a70e0d57bdf9a8dc48d79175ec60d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\is\messages.json

Filesize
954B

MD5
caeb37f451b5b5e9f5eb2e7e7f46e2d7

SHA1
f917f9eae268a385a10db3e19e3cc3aced56d02e

SHA256
943e61988c859bb088f548889f0449885525dd660626a89ba67b2c94cfbfbb1b

SHA512
a55dec2404e1d7fa5a05475284cbecc2a6208730f09a227d75fdd4ac82ce50f3751c89dc687c14b91950f9aa85503bd6bf705113f2f1d478e728df64d476a9ee

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\it\messages.json

Filesize
756B

MD5
88a9acd41521d1d00b870e2da3044a88

SHA1
36716937ce047463dbfa5cf1f5ef4277fe354d9e

SHA256
3377a873db531113d79919e7a89369a79a602bac6ae09b9864b9378dc285f345

SHA512
a56ffa200c5f8b312d8ed77ea40df931b86074adf1577941726d184497531d1c89d77382983f01797604e6a5c34029fa88f3aae0d52c368e2046c0c6f21cd956

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\iw\messages.json

Filesize
2KB

MD5
26b1533c0852ee4661ec1a27bd87d6bf

SHA1
18234e3abaf702df9330552780c2f33b83a1188a

SHA256
bbb81c32f482ba3216c9b1189c70cef39ca8c2181af3538ffa07b4c6ad52f06a

SHA512
450bfaf0e8159a4fae309737ea69ca8dd91caafd27ef662087c4e7716b2dcad3172555898e75814d6f11487f4f254de8625ef0cfea8df0133fc49e18ec7fd5d2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ja\messages.json

Filesize
1KB

MD5
113a674f2e4c66cc4d2a9c66ed77adea

SHA1
f5d38b743efa022d6f886bacd3afa850557e2762

SHA256
c1094a1d8457e782f229910b70fc7aece356aa779a423e869104946814660d35

SHA512
e7cd847d87dfea3228a1899aab7f27f59d7ba2919e81520501a9236c55fcdea418f1d29c3c9eb36e34cdfba3278e3bbd149ddf324c94295e029031fcd5a75677

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ka\messages.json

Filesize
3KB

MD5
83f81d30913dc4344573d7a58bd20d85

SHA1
5ad0e91ea18045232a8f9df1627007fe506a70e0

SHA256
30898bbf51bdd58db397ff780f061e33431a38ef5cfc288b5177ecf76b399f26

SHA512
85f97f12ad4482b5d9a6166bb2ae3c4458a582cf575190c71c1d8e0fb87c58482f8c0efead56e3a70edd42bed945816db5e07732ad27b8ffc93f4093710dd58f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\kk\messages.json

Filesize
3KB

MD5
2d94a58795f7b1e6e43c9656a147ad3c

SHA1
e377db505c6924b6bfc9d73dc7c02610062f674e

SHA256
548dc6c96e31a16ce355dc55c64833b08ef3fba8bf33149031b4a685959e3af4

SHA512
f51cc857e4cf2d4545c76a2dce7d837381ce59016e250319bf8d39718be79f9f6ee74ea5a56de0e8759e4e586d93430d51651fc902376d8a5698628e54a0f2d8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\km\messages.json

Filesize
3KB

MD5
b3699c20a94776a5c2f90aef6eb0dad9

SHA1
1f9b968b0679a20fa097624c9abfa2b96c8c0bea

SHA256
a6118f0a0de329e07c01f53cd6fb4fed43e54c5f53db4cd1c7f5b2b4d9fb10e6

SHA512
1e8d15b8bff1d289434a244172f9ed42b4bb6bcb6372c1f300b01acea5a88167e97fedaba0a7ae3beb5e24763d1b09046ae8e30745b80e2e2fe785c94df362f6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\kn\messages.json

Filesize
3KB

MD5
f55ce2e64a06806b43816ab17d8ee623

SHA1
27affcf13c15913761d0811b7ae1143e39f9eea4

SHA256
5fa00c465c1c5eed4bea860ceb78da9419ea115347ba543ddb0076e5c188feed

SHA512
a0e7d0f7beeca175c67a783adf5ff614c8e3b731311f82bc24eb0f0798938d79f15a5cfa012b3cf06d7a138d88e6f78eb3d3d57a3edebb60116de2dc706e2b0f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ko\messages.json

Filesize
1KB

MD5
e71a91fe65dd32cac3925ce639441675

SHA1
91c981f572497a540c0c2c1d5fb28156d7e49416

SHA256
57f81a5fcbd1fefd6ec3cdd525a85b707b4eead532c1b3092daafd88ee9268ec

SHA512
2b89c97470bae1d55a40f7f1224930480d33c58968f67345ca26e188ff08cf8b2f1e5c5b38ecfdbf7ebfd9970be0327cbfc391cf5e95e7c311868a8a9689dfb6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\lo\messages.json

Filesize
2KB

MD5
e20d6c27840b406555e2f5091b118fc5

SHA1
0dcecc1a58ceb4936e255a64a2830956bfa6ec14

SHA256
89082fb05229826bc222f5d22c158235f025f0e6df67ff135a18bd899e13bb8f

SHA512
ad53fc0b153005f47f9f4344df6c4804049fac94932d895fd02eebe75222cfe77eedd9cd3fdc4c88376d18c5972055b00190507aa896488499d64e884f84f093

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\lt\messages.json

Filesize
1002B

MD5
8047409dcc27bfcc97b3abce6dab20ef

SHA1
d85f7a7a3d16c441560d95ce094428973cbad725

SHA256
b42ebfe071ef0ec4b4b6553abf3a2c36b19792c238080a6fbc19d804d1acb61c

SHA512
4dffe23b4168a0825dc14ed781c3c0910702e8c2b496a8b86ca72fdbba242f34fe430d6b2a219c4a189907e92b1a7b02ce2b4b9a54088222f5af49878e385aa4

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\lv\messages.json

Filesize
959B

MD5
20fa89ba92628f56d36ae5bd0909cb15

SHA1
52d19152e2d5848ebaf0103d164de028efecdbb7

SHA256
80d64f03dc2cc5283faf1354e05d3c3cb8f0cc54b3e76fdae3ad8a09c9d5f267

SHA512
5cb534fdba0f66a259d164040265c0e8a9586bb41a32309f30b4aab17e6a99f17baf4dada62a93e34cc83d5ec6449dd28800ee41c2936631484cc95133e3956f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ml\messages.json

Filesize
3KB

MD5
ce70315e2aaeda0999da38cc9fe65281

SHA1
d47fc92d30ec36dcc102d5957bb47a6c5b1cd121

SHA256
907f2709d1d3c8fa26294938f4080bc477e62281c4c50a082c22db0195cda663

SHA512
af5c78feaacb689d9d50d0196ba9428e4f02b07876995e8b77e3bc0fee7fbf43f3ad2848d58940f193966c54f13652476e1fcfd6a827465caad32b0b2d3f97e2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\mn\messages.json

Filesize
2KB

MD5
83e7a14b7fc60d4c66bf313c8a2bef0b

SHA1
1ccf1d79cded5d65439266db58480089cc110b18

SHA256
613d8751f6cc9d3fa319f4b7ea8b2bd3bed37fd077482ca825929dd7c12a69a8

SHA512
3742e24ffc4b5283e6ee496813c1bdc6835630d006e8647d427c3de8b8e7bf814201adf9a27bfab3abd130b6fec64ebb102ac0eb8dedfe7b63d82d3e1233305d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\mr\messages.json

Filesize
2KB

MD5
34ce3fa84e699bce78e026d0f0a0c705

SHA1
5c56d09af53d521fe4224a77aa66e61a3b0165ca

SHA256
275e7fadb93a810328e3adead8754dd0a19a062d5d20a872f7471ffab47aa7b3

SHA512
3a6cd2ea06b664689f089d35fcfa41b36c22b1d77cf78f66d0f5dcdc52a6bb29f7566d377b81edce6001b71cb7f1e1247d3d71965baa2e8ea9e6deaa208cf25b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ms\messages.json

Filesize
796B

MD5
db4d49231c88c11e8d8c3d71a9b7d3d4

SHA1
4829115ace32c4e769255cf10807f3bdb1766f44

SHA256
9b32c491d0bfebdca1455f73c3c6f71796d433a39818c06c353da588de650f81

SHA512
c8b4a982abf61eabb1b7280f3e10fdf1350b20f38ca9878f33ddaf979fd617ca8e5ff4df6099c395fbae86c8affbae77653ba9cb736af22466e3cb85d4d92e56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\my\messages.json

Filesize
3KB

MD5
342335a22f1886b8bc92008597326b24

SHA1
2cb04f892e430dcd7705c02bf0a8619354515513

SHA256
243befbd6b67a21433dcc97dc1a728896d3a070dc20055eb04d644e1bb955fe7

SHA512
cd344d060e30242e5a4705547e807ce3ce2231ee983bb9a8ad22b3e7598a7ec87399094b04a80245ad51d039370f09d74fe54c0b0738583884a73f0c7e888ad8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ne\messages.json

Filesize
3KB

MD5
065eb4de2319a4094f7c1c381ac753a0

SHA1
6324108a1ad968cb3aec83316c6f12d51456c464

SHA256
160e1cd593c901c7291ea4ecba735191d793ddfd7e9646a0560498627f61da6f

SHA512
8b3e970a2beb8b6b193ad6ab9baa0fd8e1147cb5b9e64d76a6d3f104d636481621be52c2d72c588adf444e136a9b1350ac767255d2e680df44e9a1fb75e4c898

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\nl\messages.json

Filesize
771B

MD5
d448e11801349ab5704df8446fe3fa4c

SHA1
6e299363c264fa84710d6dbeaedc3b41b7fe0e42

SHA256
e98c5cfe277a338a938e7277deec132f5ea82a53ebdb65ff10e8a2ff548ac198

SHA512
49c2c05207c16f1c9393f9473cc77fd28e1b1f47686ae1eeb757676019a0ad4a6478e5a76004911f4ae299b3b7331cb6dfdca3eed2078baa5da901ea44cc4668

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\no\messages.json

Filesize
758B

MD5
66439ba3ed5ba0c702ef94793e15de83

SHA1
2b3ca2c2be15207deae55e1d667c9dcdc9241c74

SHA256
b3ece279943b28c8d855ec86ac1ce53bdfb6a709240d653508764493a75f7518

SHA512
8b393f3be96020181a12a16fafdae9df555b09a7b03cc855009b26a48b0c7d583476a72bb28224e419d300013fe272316c2cb35de8d67dbab454b7cae8df6b94

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\pa\messages.json

Filesize
2KB

MD5
97f769f51b83d35c260d1f8cfd7990af

SHA1
0d59a76564b0aee31d0a074305905472f740ceca

SHA256
bbd37d41b7de6f93948fa2437a7699d4c30a3c39e736179702f212cb36a3133c

SHA512
d91f5e2d22fc2d7f73c1f1c4af79db98fcfd1c7804069ae9b2348cbc729a6d2dff7fb6f44d152b0bdaba6e0d05dff54987e8472c081c4d39315cec2cbc593816

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\pl\messages.json

Filesize
978B

MD5
10ba7fe4cab38642419be8fef9e78178

SHA1
fddd00441dccff459f8abca12ba1856b9b1e299b

SHA256
6538f562bd1baa828c0ef0adc5f7c96b4a0eb7814e6b9a2b585e4d3b92b0e61d

SHA512
07e490d44f8f8a2bdc2d4ad15753ad16e39d17693219418b02820d26558fbe3fce8a8583bae0ed876acc6326080867d05a732cd9a4c24b620753b84bda4ac031

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\pt_BR\messages.json

Filesize
832B

MD5
8e24ec937237f48ac98b27f47b688c90

SHA1
bf47d23436a890b31799fff14a1d251720eced00

SHA256
a6ad5d5fb7c90736e04f898970d2cc9d423415b54b8e572f18c05d6ebaf46f68

SHA512
060f9713be6cd4262e0c490e50198a33026b00a80c8a3c7c87f2b05893280e1b32d1df2536054f4544f7a014ecbaf5f2e299b49dd6f45705cabfff068ef50d31

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\pt_PT\messages.json

Filesize
855B

MD5
aa431ec252b4339a49d172c6b9292ba3

SHA1
26fd7003368d5342620464a53af547ddea7c7328

SHA256
156fc7ba9b5728908e1a74950b97474f73d8f58933d345c8eeea8284565c8357

SHA512
c47c2e530ee2dd0bcc1ed1c2f8c54aeea3dcfac277bd85026dcc6c07e2da693b35577bac4924c45bb8423ad9aaecba324eec74291ef5cf2586a8b0b9f0084cba

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ro\messages.json

Filesize
930B

MD5
ee122cf26ebe1ad0cc733b117a89ff3b

SHA1
a7c21e40ab7c934b35d725b3e21e4cb8ea85bc1e

SHA256
4ecedb9c1f3dd0d0e3aeb86146561b3d7e58656cbdbed1a39b91737b52ec7f2c

SHA512
4866fbea6c8698eb3c8923b9875186c800519488784683c18e5e6523681c52429e7ba38a304e0d1b17a3997a2f4c8c3a5e9fb518466a910b119f65d7dd62b77d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ru\messages.json

Filesize
2KB

MD5
f70662272a8fc9141a295a54002f644f

SHA1
23397edad4bcc4a1bb8f43f9c2d1f08a7e3332b0

SHA256
df379187b7f6de700e5c53420336e6b31b7dc31015f77b2b256256bcf9be54b7

SHA512
b6ca9a8f1a83c71ed8eb8f46a102662d22eb13700660cf5c8841e5fe92dcad11a252555f169ffc4d6a97c399dd514cdeacbbcc27fe39da784bd9c1ebe85f4508

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\si\messages.json

Filesize
2KB

MD5
b8a4fd612534a171a9a03c1984bb4bdd

SHA1
f513f7300827fe352e8ecb5bd4bb1729f3a0e22a

SHA256
54241ebe651a8344235cc47afd274c080abaebc8c3a25afb95d8373b6a5670a2

SHA512
c03e35bfde546aeb3245024ef721e7e606327581efe9eaf8c5b11989d9033bdb58437041a5cb6d567baa05466b6aaf054c47f976fd940eeedf69fdf80d79095b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\sk\messages.json

Filesize
947B

MD5
a46e08b45be0532e461e007e894b94f4

SHA1
387b703c55af0cf77874a1b340969ece79c2705e

SHA256
5e886e7b616fbff3671dab632d1b6d8dceeff9004218485f1b911dcd8c9694a3

SHA512
388992752bd1efaebbd420fd5a8f2c6c775f2be4c61d690b46a418c72abaffe44ff8a4c332b45a8b75a243ae8d61f3d6da6e55fa768d17d2635079b03442a55f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\sl\messages.json

Filesize
855B

MD5
9cdfa5371f28427f129d200338c47494

SHA1
19653347e92967564bd8df14fde2eea2dc87bceb

SHA256
75d018cc8525605ddc591f6bfe5bdaa2efb164934e9d5438972651f8c818d581

SHA512
e6122fd5c8d387a999ef57c877bb70c896c1012b592333bcf2b93e44f7e8ba487f264e83cdefbbde972040cf6dc8f14a4a9e0e0bca85cf1f9eaa35b817dd2869

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\sr\messages.json

Filesize
2KB

MD5
c2026342237e7686b1932af5b54f8110

SHA1
5af235b29947c7f770070f0a693979d9191fadb5

SHA256
a3eb276fbd19dce2b00db6937578b214b9e33d67487659fe0bf21a86225ece73

SHA512
2ce6fffa4ea16aac65acc8b5c1c9952eae1ac8891589266735c3ef0a0d20e2fa76940e6401d86eef5c87a1d24c1cc9a1caaf1c66819c56505b0b2860bfe5acfe

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\sv\messages.json

Filesize
800B

MD5
f008f729147f028a91e700008130da52

SHA1
643fff3dc0694fd28749768314150b30572caa54

SHA256
5f4229d18e5606330146ee13bdf726e10c1e06cbb15368c47f1ae68abe9ce4ba

SHA512
f5890cc08a9a40366cfffbbdb9b14e8083897a2950deb4bb23566d641dd4b06ab02479a2b83bd5001c179abff889506a3292cd92e31a6b92cad917dff760ab27

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\sw\messages.json

Filesize
840B

MD5
84eb1d6e827e40c578469eaab778e368

SHA1
3f53de16ab05f7e03ae6c8605c2339043c1a385f

SHA256
2c6b42d122943dc0ca92a33074d1a607351d3bc7f9768e174617fa7011a3de9f

SHA512
7a7ce81fa8be309d347ae0975fd6fcd904bc1ee86342dc0e88e789e7cf5967edd0ddccb9ba156510e74b025a23d479b6058101ffbb648c5d30c311f5ba1dfc6b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ta\messages.json

Filesize
3KB

MD5
24626ad7b8058866033738380776f59b

SHA1
a6abd9ab8ba022ea6619252df8422bf5f73b6a24

SHA256
3fc7f56f6d6d514b32547509b39f6380fc786efbcca4b9859f204456ca2e7957

SHA512
4fa2f084175d71923ae3186c8195781e1946f6c19b1a4bf659d3ae2dc45f1ac2f84d794b4487ec5e030ea899ee1decf07b3cdd3eb0d3dda996c5ff8a272cf97a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\te\messages.json

Filesize
3KB

MD5
50ab4deabad394d13c265b8b80d9f9c3

SHA1
ce9c786cc92359ca34483bd57ce121f699920ddb

SHA256
90868a8a4a4dbf48770c14a161faea406ef9a453b75f4cb7a53c1b4e96a88599

SHA512
3ba6498cde1fe4c8f012a75ee546e9793b812cb7306c927054427fc697cb729549196f8e45db1a7a7dd1e485e6a3d3950168e33b03b669f5d4676c372f519a6f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\th\messages.json

Filesize
2KB

MD5
0875b0bad81161ccf2c16e13ee49af9d

SHA1
686663983a022689dedf5ba22c0f169e1a654e64

SHA256
d299aa0c4f29c5c8248a1c51afdb7439f4cf7bc28ee02408a598f8aad9f70810

SHA512
d569dfda9f0851fb0d5b2b8454704461e0185b573f3839416f3237f2d89c372e58fdce7d871f44f6f3777c7f4177009bb1fd3cdbe2f4f3d62015bd130851e8ae

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\tr\messages.json

Filesize
1KB

MD5
3104bcd0d4ad6b47fe36f36c1b5aa333

SHA1
36ec46c7230487c0d26e185aa82f340d8312a265

SHA256
ac2894cea6332450095a7f8fc9b97550da87e4b4b6e6fb95df1a1f49f25e0e35

SHA512
873a8e1ec1eb2b482794c51dbfdd5b96cb9e8e2b5a74db3c3b54ae78a396585faec402a054ff332551b5ebcfc4a57bfc5bd92d08f9f73acb433efe9a18d89cd3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\uk\messages.json

Filesize
2KB

MD5
ae938164f7ac0e7c7f120742de2beb1e

SHA1
fc49041249eaef40632f27faa8561582d510d4e3

SHA256
08978a1425dec304483bbb7dd0e55a7d850c4561abd41bac1be5d93d70465174

SHA512
b3f252885f9d7e4d74a5880b5fa60447511d4e2dce64db8ede5bd1b144f0f09a3c784649c2e1623a034ddd50b6b7ff990a3a6fc58c3ae124646c31f35b0b20fd

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\ur\messages.json

Filesize
2KB

MD5
f6e8fca4fd1a7af320d4d30d6055fa6d

SHA1
1c4aae49c08a0e4ee3544063c10fe86e7fdab05e

SHA256
504549057a6a182a404c36112d2450864a6cb4574cd0e8f435ca556fac52ab0a

SHA512
241e8505658e09d5559ec3a91fc6d1a88ba61f1b714d3cfc0e498e13908ba45aed8b63b483ecc5008a5ab07b24e1d123192fbd90b4a2289d52ad7bef4a71c9e7

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\vi\messages.json

Filesize
1KB

MD5
1e54afbacca335be3a050920ddfbe863

SHA1
fabd5e9d6bda46c9708a0ee26302156ca413a1dc

SHA256
f1da95e1d58e933050cd8a4fea12f3d1b9a2759479ffdb74fdc1cfbf89568327

SHA512
dfe60c51c043da92dec81fedb250dc60bcd97daba831261de92cdee35c0760610c1d436d04d74b65ef0a22e8cdf5201e3dde176cd9b7d5ccf1cc1ff9c884870c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\zh_CN\messages.json

Filesize
1KB

MD5
e910d3f03f0349f5c8a6a541107375d5

SHA1
2f3482194c98ecbd58a42bd29bb853267c49a39a

SHA256
3893c066a36fe95f06f3c49091a20290d4e071183755f40af05455660beda2dc

SHA512
387ca0727ad0869041296182f17555f55552245d38284a1d5d2652b72959cc94dd345f8a1d6d15f7f5477817df9afa045f2267269d0d66938c7d401b4ca2eb4b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\zh_HK\messages.json

Filesize
1KB

MD5
524e1b2a370d0e71342d05dde3d3e774

SHA1
60d1f59714f9e8f90ef34138d33fbff6dd39e85a

SHA256
30f44cfad052d73d86d12fa20cfc111563a3b2e4523b43f7d66d934ba8dace91

SHA512
d2225cf2fa94b01a7b0f70a933e1fdcf69cdf92f76c424ce4f9fcc86510c481c9a87a7b71f907c836cbb1ca41a8bebbd08f68dbc90710984ca738d293f905272

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\zh_TW\messages.json

Filesize
1KB

MD5
b571e4cefd96a2651ffb6621c4d3d1b4

SHA1
9fce97192139d1ec0885fd62a059fa81e473f9c5

SHA256
16b8f7be42b982d5ad9f638e71da38d134394b9bab9255f73cf514abbfaaf146

SHA512
6a315031b7c3e7b2cdee7a835aaad7fceb07d2889e4401e3be6b3a8c6492a47a9a065aab85fe2a69a1eca6bfe4a733f8ccfe8c5ec2fef681aadb77c9f5e57eff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\_locales\zu\messages.json

Filesize
912B

MD5
71f916a64f98b6d1b5d1f62d297fdec1

SHA1
9386e8f723c3f42da5b3f7e0b9970d2664ea0baa

SHA256
ec78ddd4ccf32b5d76ec701a20167c3fbd146d79a505e4fb0421fc1e5cf4aa63

SHA512
30fa4e02120af1be6e7cc7dbb15fae5d50825bd6b3cf28ef21d2f2e217b14af5b76cfcc165685c3edc1d09536bfcb10ca07e1e2cc0da891cec05e19394ad7144

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\offscreendocument.html

Filesize
97B

MD5
b747b5922a0bc74bbf0a9bc59df7685f

SHA1
7bf124b0be8ee2cfcd2506c1c6ffc74d1650108c

SHA256
b9fa2d52a4ffabb438b56184131b893b04655b01f336066415d4fe839efe64e7

SHA512
7567761be4054fcb31885e16d119cd4e419a423ffb83c3b3ed80bfbf64e78a73c2e97aae4e24ab25486cd1e43877842db0836db58fbfbcef495bc53f9b2a20ec

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\offscreendocument_main.js

Filesize
121KB

MD5
5656f8678589cf436a2e5c532a036a73

SHA1
af8b89f2c1596298b1652be2b0c83ec25ffcfb21

SHA256
73e898c9a5efe3a6b8c13b53880b55dd588ca09d543ecb102d965eac32bb12d0

SHA512
7d2b0a2a65c607f0a7445e0afbb31497d0d020a4a439935e49d14de4539e555c76c03c3f60fbc78cef300ee168ebff4132d7b2ecb17acebb66ded18720c46aaa

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping12612_497022986\page_embed_script.js

Filesize
338B

MD5
c14d617e06059a9951c38413f8d3cbc4

SHA1
1418d66bda6097888b1467316b349df77ddcc0db

SHA256
fbd9369840ec4d8f3102cd865c5186e0c65de80d67fbaa244cb7513ba839de36

SHA512
80b14b7cc8a62f482ac5e5ab7dc9c74411fe3c9bb5675536889a552187bc10aead89110ff0479d37c81ce367474d9b7af059059622b019cb17731efc84f5284b

Download Submit
memory/428-12478-0x0000000000750000-0x0000000000778000-memory.dmp

Filesize
160KB

Download
memory/428-12479-0x000000001B440000-0x000000001B52E000-memory.dmp

Filesize
952KB

Download
memory/2092-3145-0x00007FFCE63C0000-0x00007FFCE7470000-memory.dmp

Filesize
16.7MB

Download
memory/2092-3144-0x00007FFCE78B0000-0x00007FFCE7B66000-memory.dmp

Filesize
2.7MB

Download
memory/2092-3142-0x00007FF78F470000-0x00007FF78F568000-memory.dmp

Filesize
992KB

Download
memory/2092-3143-0x00007FFCF9C60000-0x00007FFCF9C94000-memory.dmp

Filesize
208KB

Download
memory/2772-3049-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3052-0x00007FFCC6610000-0x00007FFCC6620000-memory.dmp

Filesize
64KB

Download
memory/2772-3053-0x00007FFCC6610000-0x00007FFCC6620000-memory.dmp

Filesize
64KB

Download
memory/2772-3090-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3093-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3092-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3091-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3050-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3051-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3048-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2772-3047-0x00007FFCC89D0000-0x00007FFCC89E0000-memory.dmp

Filesize
64KB

Download
memory/2816-3179-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3184-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3182-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3177-0x0000000006870000-0x0000000006880000-memory.dmp

Filesize
64KB

Download
memory/2816-3181-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3180-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3185-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3186-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2816-3183-0x0000000009700000-0x0000000009710000-memory.dmp

Filesize
64KB

Download
memory/2964-12481-0x0000000000300000-0x0000000000356000-memory.dmp

Filesize
344KB

Download
memory/2964-15309-0x00000000221B0000-0x00000000221D2000-memory.dmp

Filesize
136KB

Download
memory/2964-15308-0x000000001F8A0000-0x000000001F8A8000-memory.dmp

Filesize
32KB

Download
memory/2964-12482-0x0000000020040000-0x00000000200C0000-memory.dmp

Filesize
512KB

Download
memory/4328-3604-0x0000000000010000-0x00000000000B2000-memory.dmp

Filesize
648KB

Download
memory/4328-3609-0x000000001C300000-0x000000001C338000-memory.dmp

Filesize
224KB

Download
memory/4328-3610-0x000000001B920000-0x000000001B92E000-memory.dmp

Filesize
56KB

Download
memory/4328-3611-0x000000001AE10000-0x000000001AE18000-memory.dmp

Filesize
32KB

Download
memory/4328-3607-0x000000001C3A0000-0x000000001C8C8000-memory.dmp

Filesize
5.2MB

Download
memory/4328-3605-0x0000000002420000-0x0000000002488000-memory.dmp

Filesize
416KB

Download
memory/6100-3099-0x00007FFCC6610000-0x00007FFCC6620000-memory.dmp

Filesize
64KB

Download
memory/6100-3101-0x00007FFCC6610000-0x00007FFCC6620000-memory.dmp

Filesize
64KB

Download
memory/10956-13212-0x00007FFD070E0000-0x00007FFD070E1000-memory.dmp

Filesize
4KB

Download
memory/10956-13211-0x00007FFD06990000-0x00007FFD06991000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads