URL:

https://cloud.bluestacks.com/api/getdownloadnow?platform=win&win_version=10&mac_version=&client_uuid=9b8e7ded-34f8-4b57-9def-f0c3e751f024&app_pkg=&platform_cloud=%257B%2522description%2522%253A%2522Firefox%2520140.0%2520on%2520Windows%252010%252064-bit%2522%252C%2522layout%2522%253A%2522Gecko%2522%252C%2522manufacturer%2522%253Anull%252C%2522name%2522%253A%2522Firefox%2522%252C%2522prerelease%2522%253Anull%252C%2522product%2522%253Anull%252C%2522ua%2522%253A%2522Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A140.0)%2520Gecko%252F20100101%2520Firefox%252F140.0%2522%252C%2522version%2522%253A%2522140.0%2522%252C%2522os%2522%253A%257B%2522architecture%2522%253A64%252C%2522family%2522%253A%2522Windows%2522%252C%2522version%2522%253A%252210%2522%257D%257D&preferred_lang=en&utm_source=&utm_medium=&gaCookie=&gclid=&clickid=&msclkid=&affiliateId=&offerId=&transaction_id=&aff_sub=&first_landing_page=&referrer=&download_page_referrer=https%3A%2F%2Fwww.bluestacks.com%2F&utm_campaign=homepage-dl-button-en&user_id=experiment_variant&exit_utm_campaign=bsx-install-button-home-en&incompatible=false&bluestacks_version=bs5&device_memory=undefined&device_cpu_cores=4&extra_data=%7B%22campainId%22%3A%226822fab72359dd001a885bf8%22%2C%22deviceDetails%22%3A%22windows%22%2C%22renderer%22%3A%22ANGLE%20(Intel%2C%20Intel(R)%20HD%20Graphics%20400%20Direct3D11%20vs_5_0%20ps_5_0)%2C%20or%20similar%22%7D
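The request above is worth decoding before looking at the binary: `platform_cloud` is a JSON document that was URL-encoded twice (`%257B` is `%7B` is `{`), `extra_data` is a single-encoded JSON document carrying the GPU renderer string, and a persistent `client_uuid` plus a dozen affiliate/tracking parameters travel alongside. The script below is an added example, not part of the ANY.RUN report or of BlueStacks' own code. It decodes both JSON payloads with a generic "peel encoding layers until it parses" loop, lists the tracking parameters that were sent empty, and splits the installer filename seen later in the process list into its parts, base64-decoding the trailing token. The page does not say what the 32-hex-character token or the decoded base64 string mean; the example only exposes them.

```python
import base64
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Download request copied verbatim from the report above.
DOWNLOAD_URL = (
    "https://cloud.bluestacks.com/api/getdownloadnow?platform=win&win_version=10"
    "&mac_version=&client_uuid=9b8e7ded-34f8-4b57-9def-f0c3e751f024&app_pkg="
    "&platform_cloud=%257B%2522description%2522%253A%2522Firefox%2520140.0%2520on"
    "%2520Windows%252010%252064-bit%2522%252C%2522layout%2522%253A%2522Gecko%2522"
    "%252C%2522manufacturer%2522%253Anull%252C%2522name%2522%253A%2522Firefox%2522"
    "%252C%2522prerelease%2522%253Anull%252C%2522product%2522%253Anull%252C%2522ua"
    "%2522%253A%2522Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B"
    "%2520x64%253B%2520rv%253A140.0)%2520Gecko%252F20100101%2520Firefox%252F140.0"
    "%2522%252C%2522version%2522%253A%2522140.0%2522%252C%2522os%2522%253A%257B"
    "%2522architecture%2522%253A64%252C%2522family%2522%253A%2522Windows%2522%252C"
    "%2522version%2522%253A%252210%2522%257D%257D&preferred_lang=en&utm_source="
    "&utm_medium=&gaCookie=&gclid=&clickid=&msclkid=&affiliateId=&offerId="
    "&transaction_id=&aff_sub=&first_landing_page=&referrer="
    "&download_page_referrer=https%3A%2F%2Fwww.bluestacks.com%2F"
    "&utm_campaign=homepage-dl-button-en&user_id=experiment_variant"
    "&exit_utm_campaign=bsx-install-button-home-en&incompatible=false"
    "&bluestacks_version=bs5&device_memory=undefined&device_cpu_cores=4"
    "&extra_data=%7B%22campainId%22%3A%226822fab72359dd001a885bf8%22%2C%22"
    "deviceDetails%22%3A%22windows%22%2C%22renderer%22%3A%22ANGLE%20(Intel%2C%20"
    "Intel(R)%20HD%20Graphics%20400%20Direct3D11%20vs_5_0%20ps_5_0)%2C%20or%20similar%22%7D"
)

# Installer filename as it appears in the report's process list (copied verbatim).
INSTALLER_NAME = (
    "BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec"
    "_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe"
)


def decode_json_param(raw: str, max_layers: int = 3) -> tuple[object, int]:
    """Return (parsed JSON, number of extra URL-encoding layers peeled).

    `raw` is the value after parse_qs already applied one decode, so a result
    of 1 means the parameter was encoded twice on the wire.
    """
    value = raw
    for layers in range(max_layers + 1):
        try:
            return json.loads(value), layers
        except json.JSONDecodeError:
            peeled = unquote(value)
            if peeled == value:  # nothing left to decode, give up
                break
            value = peeled
    raise ValueError(f"not JSON after {max_layers} unquote passes: {raw[:40]!r}")


def parse_download_request(url: str) -> dict:
    """Summarise what the download request discloses to the server."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    flat = {k: v[0] for k, v in params.items()}
    summary = {
        "client_uuid": flat.get("client_uuid"),
        "referrer": flat.get("download_page_referrer", ""),
        "empty_params": sorted(k for k, v in flat.items() if v == ""),
        "json": {},
    }
    for key in ("platform_cloud", "extra_data"):
        if key in flat:
            obj, layers = decode_json_param(flat[key])
            summary["json"][key] = {"value": obj, "extra_encoding_layers": layers}
    return summary


def parse_installer_name(filename: str) -> dict:
    """Split the installer filename into product, version, flavour and two tokens."""
    stem = filename.removesuffix(".exe")
    product, version, flavor, hex_token, b64_token = stem.split("_", 4)
    return {
        "product": product,
        "version": version,
        "flavor": flavor,
        "hex_token": hex_token,
        # 32 hex characters is the shape of an MD5; the page does not say what it hashes.
        "hex_token_is_32_hex": bool(re.fullmatch(r"[0-9a-f]{32}", hex_token)),
        # Meaning of the decoded string is not documented on the page.
        "b64_decoded": base64.b64decode(b64_token).decode("ascii"),
    }


if __name__ == "__main__":
    print(json.dumps(parse_download_request(DOWNLOAD_URL), indent=2))
    print(json.dumps(parse_installer_name(INSTALLER_NAME), indent=2))
```

The generic peel loop matters because a single `unquote` would leave `platform_cloud` as percent-encoded text and `json.loads` would fail; counting the layers also tells you the page's JavaScript ran `encodeURIComponent` over an already-encoded string, which is a hint when you later try to reproduce the request.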

Full analysis: https://app.any.run/tasks/f74c28c2-d9c8-4f9e-b771-2320febb90a4
Verdict: Malicious activity
Analysis date: July 19, 2025, 20:41:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
Indicators:
MD5:

D4E4E2867141B8C9E5C82F8532CB0805

SHA1:

464A2696A967A84A5E9E867D430F699A8AE29709

SHA256:

721EA802C719FA6476B95E244D6C551CC67A7BC28B30B13D1AF103513756EBD7

SSDEEP:

24:2Ujzgnu6f5+LwYk7N+n1RRRk0waPw2YBdWW/h+Y9uMyrmu2S8BX4iF:Ef5+kV7NcRkPJdWWJZyrmu2SI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 6036)
    • Opens a text file (SCRIPT)

      • cscript.exe (PID: 7864)
      • cscript.exe (PID: 4512)
      • cscript.exe (PID: 5352)
      • cscript.exe (PID: 5476)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 1352)
      • cscript.exe (PID: 1300)
      • cscript.exe (PID: 1336)
      • cscript.exe (PID: 8632)
      • cscript.exe (PID: 8656)
      • cscript.exe (PID: 7904)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 9148)
      • cscript.exe (PID: 7432)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 8024)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • 7zr.exe (PID: 4724)
      • BlueStacksServicesSetup.exe (PID: 592)
      • 7zr.exe (PID: 5436)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksServices.exe (PID: 6036)
    • Reads security settings of Internet Explorer

      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 8024)
      • BlueStacksInstaller.exe (PID: 8068)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • Bootstrapper.exe (PID: 7360)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksServicesSetup.exe (PID: 592)
    • Reads the date of Windows installation

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • Bootstrapper.exe (PID: 7360)
    • Application launched itself

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 6036)
      • updater.exe (PID: 4148)
      • updater.exe (PID: 4152)
    • The process creates files with name similar to system file names

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • BlueStacksServicesSetup.exe (PID: 592)
      • 7zr.exe (PID: 5436)
    • Drops 7-zip archiver for unpacking

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • BlueStacksServicesSetup.exe (PID: 592)
      • 7zr.exe (PID: 5436)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksServicesSetup.exe (PID: 592)
    • Process drops legitimate windows executable

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • 7zr.exe (PID: 4724)
      • BlueStacksServicesSetup.exe (PID: 592)
      • 7zr.exe (PID: 5436)
    • Executing commands from a ".bat" file

      • wscript.exe (PID: 984)
    • The process drops C-runtime libraries

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • 7zr.exe (PID: 4724)
      • 7zr.exe (PID: 5436)
    • Starts CMD.EXE for commands execution

      • wscript.exe (PID: 984)
      • BlueStacksServicesSetup.exe (PID: 592)
      • BlueStacksServices.exe (PID: 1520)
      • HD-LogCollector.exe (PID: 8464)
      • BlueStacksServices.exe (PID: 6036)
    • The process executes VB scripts

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
    • Creates a software uninstall entry

      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksServicesSetup.exe (PID: 592)
      • BlueStacksInstaller.exe (PID: 5712)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 984)
    • Searches for installed software

      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 1352)
      • BlueStacksInstaller.exe (PID: 5712)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cmd.exe (PID: 1352)
      • BlueStacksInstaller.exe (PID: 5712)
    • Get information on the list of running processes

      • BlueStacksServicesSetup.exe (PID: 592)
      • cmd.exe (PID: 4912)
      • BlueStacksServices.exe (PID: 1520)
      • cmd.exe (PID: 620)
      • cmd.exe (PID: 2384)
      • cmd.exe (PID: 8404)
      • cmd.exe (PID: 8392)
      • cmd.exe (PID: 8908)
      • cmd.exe (PID: 8900)
      • cmd.exe (PID: 8644)
      • cmd.exe (PID: 8704)
      • cmd.exe (PID: 8700)
      • cmd.exe (PID: 8368)
      • cmd.exe (PID: 9112)
      • cmd.exe (PID: 8924)
      • cmd.exe (PID: 8584)
      • cmd.exe (PID: 6776)
      • cmd.exe (PID: 8884)
      • cmd.exe (PID: 9176)
      • cmd.exe (PID: 5980)
      • cmd.exe (PID: 8064)
      • cmd.exe (PID: 3400)
      • cmd.exe (PID: 8232)
      • BlueStacksServices.exe (PID: 6036)
      • cmd.exe (PID: 6724)
      • cmd.exe (PID: 6516)
      • cmd.exe (PID: 6732)
      • cmd.exe (PID: 6344)
      • cmd.exe (PID: 5168)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 432)
      • cmd.exe (PID: 6224)
      • cmd.exe (PID: 2672)
      • cmd.exe (PID: 1236)
      • cmd.exe (PID: 2620)
      • cmd.exe (PID: 1260)
    • Drops a system driver (possible attempt to evade defenses)

      • 7zr.exe (PID: 5436)
    • Reads data from a binary Stream object (SCRIPT)

      • cscript.exe (PID: 7864)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 4512)
      • cscript.exe (PID: 5352)
      • cscript.exe (PID: 1352)
      • cscript.exe (PID: 5476)
      • cscript.exe (PID: 1336)
      • cscript.exe (PID: 1300)
      • cscript.exe (PID: 8632)
      • cscript.exe (PID: 9148)
      • cscript.exe (PID: 8656)
      • cscript.exe (PID: 7904)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 7432)
    • Gets full path of the running script (SCRIPT)

      • cscript.exe (PID: 7864)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 4512)
      • cscript.exe (PID: 5352)
      • cscript.exe (PID: 5476)
      • cscript.exe (PID: 1336)
      • cscript.exe (PID: 1300)
      • cscript.exe (PID: 1352)
      • cscript.exe (PID: 8656)
      • cscript.exe (PID: 9148)
      • cscript.exe (PID: 8632)
      • cscript.exe (PID: 7904)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 7432)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • cscript.exe (PID: 7864)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 4512)
      • cscript.exe (PID: 5352)
      • cscript.exe (PID: 5476)
      • cscript.exe (PID: 1352)
      • cscript.exe (PID: 1336)
      • cscript.exe (PID: 8632)
      • cscript.exe (PID: 1300)
      • cscript.exe (PID: 8656)
      • cscript.exe (PID: 9148)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 7904)
      • cscript.exe (PID: 7432)
    • Writes binary data to a Stream object (SCRIPT)

      • cscript.exe (PID: 7864)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 5476)
      • cscript.exe (PID: 1352)
      • cscript.exe (PID: 1336)
      • cscript.exe (PID: 1300)
      • cscript.exe (PID: 8656)
      • cscript.exe (PID: 7904)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 8632)
      • cscript.exe (PID: 9148)
      • cscript.exe (PID: 7432)
    • Connects to unusual port

      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 6036)
    • Creates/Modifies COM task schedule object

      • HD-ComRegistrar.exe (PID: 8472)
    • Lists all scheduled tasks in specific format

      • schtasks.exe (PID: 8648)
    • Detected use of alternative data streams (AltDS)

      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
    • Checks for external IP

      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • HD-Player.exe (PID: 6228)
    • Uses SYSTEMINFO.EXE to read the environment

      • HD-LogCollector.exe (PID: 8464)
    • The process executes via Task Scheduler

      • updater.exe (PID: 4148)
      • PLUGScheduler.exe (PID: 4140)
      • PLUGScheduler.exe (PID: 4144)
      • updater.exe (PID: 4152)
    • The system shut down or reboot

      • HD-Player.exe (PID: 7944)
      • HD-Player.exe (PID: 6228)
  • INFO

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6492)
      • msedge.exe (PID: 6472)
    • The sample compiled with english language support

      • msedge.exe (PID: 6472)
      • msedge.exe (PID: 6492)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • 7zr.exe (PID: 4724)
      • BlueStacksServicesSetup.exe (PID: 592)
      • 7zr.exe (PID: 5436)
    • Application launched itself

      • msedge.exe (PID: 6492)
    • Checks supported languages

      • identity_helper.exe (PID: 7664)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 8024)
      • BlueStacksInstaller.exe (PID: 8068)
      • HD-CheckCpu.exe (PID: 8136)
      • BlueStacksInstaller.exe (PID: 7240)
      • HD-CheckCpu.exe (PID: 7568)
      • HD-CheckCpu.exe (PID: 5500)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • Bootstrapper.exe (PID: 7360)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • 7zr.exe (PID: 4724)
      • HD-ForceGPU.exe (PID: 4800)
      • BlueStacksServicesSetup.exe (PID: 592)
      • HD-GLCheck.exe (PID: 1932)
      • HD-GLCheck.exe (PID: 7880)
      • HD-GLCheck.exe (PID: 3884)
      • HD-GLCheck.exe (PID: 6352)
      • HD-GLCheck.exe (PID: 4012)
      • HD-GLCheck.exe (PID: 1828)
      • 7zr.exe (PID: 5436)
      • HD-CheckCpu.exe (PID: 2324)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 3964)
      • BlueStacksServices.exe (PID: 6620)
      • BlueStacksServices.exe (PID: 1592)
      • 7zr.exe (PID: 8708)
      • 7zr.exe (PID: 8216)
      • HD-GLCheck.exe (PID: 9060)
      • HD-GLCheck.exe (PID: 8220)
      • HD-CheckCpu.exe (PID: 3540)
      • HD-ComRegistrar.exe (PID: 5476)
      • HD-GLCheck.exe (PID: 9076)
      • BstkVMMgr.exe (PID: 8904)
      • BstkSVC.exe (PID: 8756)
      • BstkSVC.exe (PID: 8296)
      • HD-ComRegistrar.exe (PID: 8472)
      • BlueStacksHelper.exe (PID: 7424)
      • ffmpeg.exe (PID: 6312)
      • HD-Player.exe (PID: 1828)
      • ffmpeg.exe (PID: 8760)
      • BstkSVC.exe (PID: 8368)
      • ffmpeg.exe (PID: 2144)
      • HD-LogCollector.exe (PID: 8464)
      • HD-GLCheck.exe (PID: 7152)
      • ffmpeg.exe (PID: 2552)
      • HD-Player.exe (PID: 7944)
      • BstkSVC.exe (PID: 6532)
      • ffmpeg.exe (PID: 8788)
      • ffmpeg.exe (PID: 1268)
      • ffmpeg.exe (PID: 1332)
      • ffmpeg.exe (PID: 1336)
      • updater.exe (PID: 4148)
      • updater.exe (PID: 4264)
      • BlueStacksServices.exe (PID: 6156)
      • BlueStacksServices.exe (PID: 6036)
      • BlueStacksServices.exe (PID: 6320)
      • BlueStacksServices.exe (PID: 6692)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • BstkSVC.exe (PID: 6244)
      • HD-GLCheck.exe (PID: 6928)
      • HD-Player.exe (PID: 6228)
      • ffmpeg.exe (PID: 6780)
      • ffmpeg.exe (PID: 6444)
      • ffmpeg.exe (PID: 5840)
      • ffmpeg.exe (PID: 6372)
      • PLUGScheduler.exe (PID: 4144)
      • updater.exe (PID: 4152)
      • updater.exe (PID: 5084)
    • Reads the computer name

      • identity_helper.exe (PID: 7664)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 8024)
      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • Bootstrapper.exe (PID: 7360)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • 7zr.exe (PID: 4724)
      • BlueStacksServicesSetup.exe (PID: 592)
      • HD-GLCheck.exe (PID: 1932)
      • HD-GLCheck.exe (PID: 7880)
      • HD-GLCheck.exe (PID: 3884)
      • HD-GLCheck.exe (PID: 6352)
      • HD-GLCheck.exe (PID: 4012)
      • 7zr.exe (PID: 5436)
      • HD-GLCheck.exe (PID: 1828)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 6620)
      • BlueStacksServices.exe (PID: 3964)
      • 7zr.exe (PID: 8708)
      • 7zr.exe (PID: 8216)
      • HD-GLCheck.exe (PID: 9076)
      • HD-GLCheck.exe (PID: 8220)
      • HD-ComRegistrar.exe (PID: 5476)
      • HD-GLCheck.exe (PID: 9060)
      • BstkVMMgr.exe (PID: 8904)
      • BstkSVC.exe (PID: 8296)
      • HD-ComRegistrar.exe (PID: 8472)
      • BstkSVC.exe (PID: 8756)
      • HD-Player.exe (PID: 1828)
      • BlueStacksHelper.exe (PID: 7424)
      • ffmpeg.exe (PID: 6312)
      • BstkSVC.exe (PID: 8368)
      • ffmpeg.exe (PID: 2552)
      • HD-LogCollector.exe (PID: 8464)
      • BstkSVC.exe (PID: 6532)
      • HD-GLCheck.exe (PID: 7152)
      • HD-Player.exe (PID: 7944)
      • ffmpeg.exe (PID: 1336)
      • PLUGScheduler.exe (PID: 4140)
      • ffmpeg.exe (PID: 1332)
      • BlueStacksServices.exe (PID: 6036)
      • BlueStacksServices.exe (PID: 6156)
      • updater.exe (PID: 4148)
      • BlueStacksServices.exe (PID: 6320)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • BstkSVC.exe (PID: 6244)
      • HD-GLCheck.exe (PID: 6928)
      • HD-Player.exe (PID: 6228)
      • ffmpeg.exe (PID: 5840)
      • ffmpeg.exe (PID: 6372)
      • PLUGScheduler.exe (PID: 4144)
      • updater.exe (PID: 4152)
    • Reads Environment values

      • identity_helper.exe (PID: 7664)
      • BlueStacksInstaller.exe (PID: 8068)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksServices.exe (PID: 1520)
      • HD-Player.exe (PID: 1828)
      • BlueStacksHelper.exe (PID: 7424)
      • HD-LogCollector.exe (PID: 8464)
      • HD-Player.exe (PID: 7944)
      • BlueStacksServices.exe (PID: 6036)
      • HD-Player.exe (PID: 6228)
    • Create files in a temporary directory

      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 8024)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • 7zr.exe (PID: 4724)
      • BlueStacksServicesSetup.exe (PID: 592)
      • BlueStacksServices.exe (PID: 1520)
      • reg.exe (PID: 8600)
      • HD-LogCollector.exe (PID: 8464)
      • BlueStacksServices.exe (PID: 6036)
    • Process checks computer location settings

      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 8024)
      • BlueStacksInstaller.exe (PID: 8068)
      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_MDs1LDM7MTUsMTsxNSw0OzE1LDU7MTU=.exe (PID: 7096)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 1592)
      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • BlueStacksServices.exe (PID: 6036)
      • BlueStacksServices.exe (PID: 6692)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • Bootstrapper.exe (PID: 7360)
      • HD-Player.exe (PID: 6228)
    • Disables trace logs

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksHelper.exe (PID: 7424)
      • HD-LogCollector.exe (PID: 8464)
    • Reads the machine GUID from the registry

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksHelper.exe (PID: 7424)
      • HD-LogCollector.exe (PID: 8464)
      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • BlueStacksServices.exe (PID: 6036)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
    • Creates files or folders in the user directory

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksServicesSetup.exe (PID: 592)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 3964)
      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • BlueStacksServices.exe (PID: 6036)
      • HD-MultiInstanceManager.exe (PID: 6360)
    • Checks proxy server information

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksHelper.exe (PID: 7424)
      • slui.exe (PID: 6460)
      • HD-Player.exe (PID: 1828)
      • HD-LogCollector.exe (PID: 8464)
      • HD-Player.exe (PID: 7944)
      • BlueStacksServices.exe (PID: 6036)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
    • Reads the software policy settings

      • BlueStacksInstaller.exe (PID: 8068)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • BlueStacksHelper.exe (PID: 7424)
      • slui.exe (PID: 6460)
      • HD-Player.exe (PID: 1828)
      • HD-LogCollector.exe (PID: 8464)
      • HD-Player.exe (PID: 7944)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
    • Reads product name

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 6036)
    • Creates files in the program directory

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • BlueStacksInstaller.exe (PID: 7240)
      • BlueStacksInstaller.exe (PID: 5712)
      • 7zr.exe (PID: 5436)
      • 7zr.exe (PID: 8708)
      • 7zr.exe (PID: 8216)
      • HD-ComRegistrar.exe (PID: 5476)
      • BstkSVC.exe (PID: 8756)
      • BstkSVC.exe (PID: 8296)
      • HD-Player.exe (PID: 1828)
      • BstkSVC.exe (PID: 8368)
      • HD-Player.exe (PID: 7944)
      • BstkSVC.exe (PID: 6532)
      • PLUGScheduler.exe (PID: 4140)
      • BstkSVC.exe (PID: 6244)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
      • PLUGScheduler.exe (PID: 4144)
    • The sample compiled with chinese language support

      • BSX-Setup-5.22.91.1029_nxt.exe (PID: 5500)
      • 7zr.exe (PID: 5436)
    • Manual execution by a user

      • BlueStacksServicesSetup.exe (PID: 592)
      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksHelper.exe (PID: 7424)
      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • BlueStacksServices.exe (PID: 6036)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
    • Launching a file from a Registry key

      • BlueStacksServices.exe (PID: 1520)
      • BlueStacksServices.exe (PID: 6036)
    • Reads security settings of Internet Explorer

      • cscript.exe (PID: 7864)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 4512)
      • cscript.exe (PID: 5352)
      • cscript.exe (PID: 5476)
      • cscript.exe (PID: 1336)
      • cscript.exe (PID: 1300)
      • cscript.exe (PID: 1352)
      • cscript.exe (PID: 8656)
      • cscript.exe (PID: 8632)
      • cscript.exe (PID: 9148)
      • cscript.exe (PID: 7904)
      • cscript.exe (PID: 7016)
      • cscript.exe (PID: 7432)
      • cscript.exe (PID: 6228)
      • cscript.exe (PID: 6776)
      • cscript.exe (PID: 6168)
      • cscript.exe (PID: 6744)
      • cscript.exe (PID: 6332)
      • cscript.exe (PID: 6200)
      • cscript.exe (PID: 1416)
      • cscript.exe (PID: 5984)
    • Reads CPU info

      • BlueStacksInstaller.exe (PID: 5712)
      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • HD-Player.exe (PID: 6228)
    • Reads the time zone

      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • HD-MultiInstanceManager.exe (PID: 6360)
      • HD-Player.exe (PID: 6228)
    • Reads mouse settings

      • HD-Player.exe (PID: 1828)
      • HD-Player.exe (PID: 7944)
      • HD-Player.exe (PID: 6228)
    • Process checks whether UAC notifications are on

      • updater.exe (PID: 4148)
      • updater.exe (PID: 4152)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
681
Monitored processes
308
Malicious processes
31
Suspicious processes
2

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs bluestacksinstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_mds1ldm7mtusmtsxnsw0oze1ldu7mtu=.exe bluestacksinstaller.exe hd-checkcpu.exe no specs conhost.exe no specs bluestacksinstaller.exe hd-checkcpu.exe no specs conhost.exe no specs hd-checkcpu.exe no specs conhost.exe no specs bsx-setup-5.22.91.1029_nxt.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe wscript.exe no specs cmd.exe no specs conhost.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs msedge.exe no specs msedge.exe no specs bluestacksinstaller_5.22.91.1029_native_6e4eacf15b7aa9db788eed6a029197ec_mds1ldm7mtusmtsxnsw0oze1ldu7mtu=.exe bootstrapper.exe no specs bluestacksinstaller.exe 7zr.exe conhost.exe no specs bluestacksservicessetup.exe hd-forcegpu.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-glcheck.exe no specs conhost.exe no specs msedge.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-checkcpu.exe no specs conhost.exe no specs 7zr.exe conhost.exe no specs bluestacksservices.exe bluestacksservices.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs bluestacksservices.exe cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs bluestacksservices.exe no specs cmd.exe no specs cmd.exe no specs 
conhost.exe no specs conhost.exe no specs cscript.exe no specs cscript.exe no specs cscript.exe no specs tasklist.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs cscript.exe no specs cscript.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs msedge.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs 7zr.exe no specs conhost.exe no specs 7zr.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-glcheck.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs hd-glcheck.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs hd-checkcpu.exe no specs conhost.exe no specs hd-comregistrar.exe no specs msedge.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs hd-comregistrar.exe no specs bstksvc.exe no specs bstkvmmgr.exe no specs conhost.exe no specs bstksvc.exe no specs cmd.exe no specs bluestackshelper.exe cmd.exe no specs conhost.exe no specs conhost.exe no specs hd-player.exe tasklist.exe no specs tasklist.exe no specs schtasks.exe no specs conhost.exe no specs bstksvc.exe no 
specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs hd-logcollector.exe reg.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs hd-glcheck.exe no specs conhost.exe no specs hd-hvutl.exe no specs systeminfo.exe no specs conhost.exe no specs hd-player.exe tiworker.exe no specs bstksvc.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs msedge.exe no specs shutdown.exe no specs conhost.exe no specs plugscheduler.exe no specs updater.exe no specs updater.exe no specs bluestacksservices.exe bluestacksservices.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs bluestacksservices.exe hd-multiinstancemanager.exe bluestacksservices.exe no specs cmd.exe no specs cmd.exe no specs cscript.exe no specs cscript.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs cscript.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs bstksvc.exe no specs tasklist.exe no specs tasklist.exe no specs hd-glcheck.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs hd-player.exe ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs ffmpeg.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no 
specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cscript.exe no specs conhost.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs tasklist.exe no specs tasklist.exe no specs shutdown.exe no specs conhost.exe no specs plugscheduler.exe no specs updater.exe no specs updater.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
432
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
Path:
C:\Windows\System32\cmd.exe
Parent process:
BlueStacksServices.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
432
CMD:
tasklist /FI "IMAGENAME eq HD-Player.exe"
Path:
C:\Windows\System32\tasklist.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
516
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
592
CMD:
"C:\ProgramData\BlueStacksServicesSetup.exe"
Path:
C:\ProgramData\BlueStacksServicesSetup.exe
Parent process:
explorer.exe
User:
admin
Company:
now.gg, Inc.
Integrity Level:
MEDIUM
Exit code:
0
Version:
3.0.9.173
Modules
Images
c:\programdata\bluestacksservicessetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
620
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
Path:
C:\Windows\System32\cmd.exe
Parent process:
BlueStacksServices.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID:
852
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
984
CMD:
"C:\WINDOWS\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
Path:
C:\Windows\SysWOW64\wscript.exe
Parent process:
BSX-Setup-5.22.91.1029_nxt.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.812.10240.16384
Modules
Images
c:\windows\syswow64\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1068
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
HD-GLCheck.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1136
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
shutdown.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1236
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
Path:
C:\Windows\System32\cmd.exe
Parent process:
BlueStacksServices.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
Total events
258 045
Read events
257 824
Write events
179
Delete events
42

Modification events

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\590626
Operation: write
Name: WindowTabManagerFileMappingId
Value: {0711D596-243D-4CE1-AFCA-55A4E6F2EBD2}

(PID) Process: (6492) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: F501FF8DE4982F00

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation: write
Name: Enabled
Value: 0

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\590626
Operation: write
Name: WindowTabManagerFileMappingId
Value: {855DA7B8-F09C-4123-BE6A-B7342AFB7920}

(PID) Process: (6492) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 3C1D188EE4982F00

(PID) Process: (6492) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
Executable files
514
Suspicious files
717
Text files
688
Unknown types
0

Dropped files

PID | Process | Filename
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18d378.TMP
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18d397.TMP
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF18d3a6.TMP
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF18d3a6.TMP
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF18d3b6.TMP
6492 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old

(The Type, MD5 and SHA256 fields were empty for all of these entries in the report.)
HTTP(S) requests
29
TCP/UDP connections
158
DNS requests
106
Threats
5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
6472 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:X4ch8uMZ1s1VqscQOSTX5eJD_oD2Z3Dybbzjs8OnkkM&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | whitelisted
6492 | msedge.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
4892 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6492 | msedge.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | whitelisted
6492 | msedge.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA3yJEHnoky8tf6ecFgkLrk%3D | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
7008 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7008 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
7696 | svchost.exe | HEAD | 200 | 208.89.74.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1753166845&P2=404&P3=2&P4=nOZCgWFbDUyOYQ5PNr9y9Ed6AfYNR8LWeCalSUWIwtDQuiZEgjdp%2f6qeEIbnwonRfAGYkqGXWQ5jft9XMK3BVA%3d%3d | unknown | whitelisted
2940 | svchost.exe | GET | 200 | 2.23.197.184:80 | http://x1.c.lencr.org/ | unknown | whitelisted

(The CN and Size columns of this table were empty in the extracted report.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2464 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6472 | msedge.exe | 150.171.28.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6472 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6472 | msedge.exe | 34.160.86.181:443 | cloud.bluestacks.com | GOOGLE | US | whitelisted
6472 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6472 | msedge.exe | 2.23.227.199:443 | copilot.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 20.73.194.208 | whitelisted
google.com | 142.250.185.238 | whitelisted
edge.microsoft.com | 150.171.28.11, 150.171.27.11 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
cloud.bluestacks.com | 34.160.86.181 | whitelisted
copilot.microsoft.com | 2.23.227.199, 2.23.227.211 | whitelisted
ak-build.bluestacks.com | 23.50.131.197, 23.50.131.201, 2.16.168.112, 2.16.168.108 | whitelisted
update.googleapis.com | 142.250.185.67 | whitelisted
www.bing.com | 2.23.227.215, 2.23.227.208, 2.16.241.218, 2.16.241.201 | whitelisted
edgeassetservice.azureedge.net | 13.107.253.45 | whitelisted

Threats

PID | Process | Class | Message
2200 | svchost.exe | Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
1828 | HD-Player.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
7944 | HD-Player.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2208 | svchost.exe | Misc activity | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
6228 | HD-Player.exe | Misc activity | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Process | Message
BSX-Setup-5.22.91.1029_nxt.exe | C:\Program Files (x86)
BSX-Setup-5.22.91.1029_nxt.exe | closebtn
BSX-Setup-5.22.91.1029_nxt.exe | CustomInstall
BSX-Setup-5.22.91.1029_nxt.exe | btnSelectDir
BSX-Setup-5.22.91.1029_nxt.exe | DirText
BSX-Setup-5.22.91.1029_nxt.exe | BtnOneClick
BSX-Setup-5.22.91.1029_nxt.exe | BtnInstallFinished
BSX-Setup-5.22.91.1029_nxt.exe | C:\Program Files (x86)
BSX-Setup-5.22.91.1029_nxt.exe | showInstallPage
BSX-Setup-5.22.91.1029_nxt.exe | 0%