Analysis
-
max time kernel
1799s -
max time network
1756s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
30-05-2024 12:39
Static task
static1
Behavioral task
behavioral1
Sample
Opengl32.dll
Resource
win11-20240508-en
General
-
Target
Opengl32.dll
-
Size
4.0MB
-
MD5
630c7f2d200c659991ea1a7763b11887
-
SHA1
0583504cb0253e3f372b7fa95db2647e56e5a171
-
SHA256
fedd3ec33986d3d13386e3528a583bd1e071d622781419d55aadb21af7be860b
-
SHA512
2ec14549ac10d3969e004fc15dce138288364c8316defdea1e2a2d668347c41963b6481127d89746922677627b4a05814ffb899fb3ca7de100a9404f9515c964
-
SSDEEP
49152:wXebgHvKE1c0Sa/0UvqBC2zM3rH83yL1fElvTAejzfM4dZkW6PC2JqmByer3nnzg:/2NvdhLlg1/ko+BVg
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 8 IoCs
pid Process 9060 netsh.exe 6956 netsh.exe 7356 netsh.exe 8336 netsh.exe 1408 netsh.exe 8792 netsh.exe 8872 netsh.exe 9108 netsh.exe -
Executes dropped EXE 34 IoCs
pid Process 3136 BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 3292 BlueStacksInstaller.exe 2128 HD-CheckCpu.exe 3032 HD-CheckCpu.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4556 Extreme Injector v3.exe 7256 BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 8084 Bootstrapper.exe 5888 BlueStacksInstaller.exe 5808 7zr.exe 6044 7zr.exe 6436 HD-ForceGPU.exe 6248 BlueStacksServicesSetup.exe 2052 HD-GLCheck.exe 6668 HD-GLCheck.exe 6424 HD-GLCheck.exe 7212 HD-GLCheck.exe 1012 HD-GLCheck.exe 5100 HD-GLCheck.exe 5124 HD-CheckCpu.exe 4196 7zr.exe 5272 HD-GLCheck.exe 5656 HD-GLCheck.exe 1304 HD-GLCheck.exe 7684 7zr.exe 7268 BlueStacksServices.exe 5972 BlueStacksServices.exe 7992 BlueStacksServices.exe 6512 BlueStacksServices.exe 844 7zr.exe 5496 7zr.exe 2592 HD-CheckCpu.exe 5644 7zr.exe 7468 BlueStacksServices.exe -
Loads dropped DLL 64 IoCs
pid Process 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" BlueStacksServices.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 204 raw.githubusercontent.com 221 raw.githubusercontent.com -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\system32\storage.json BlueStacksServices.exe File opened for modification C:\Windows\system32\storage.json BlueStacksServices.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Setting_hover.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qt_lv.qm BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\iconengines\qsvgicon.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files\BlueStacks_nxt\Assets\installer_flash_background.jpg 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\msvcp140_2.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\private 7zr.exe File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\settings\Icon_Back_Default.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qt_uk.qm BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\www\images\nxt-noNetwork.svg BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\Qt5Multimedia.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libcolorthres_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\audio_filter BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\Default_img.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_upload_disabled.svg BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\language\tr.qm BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmagnify_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotiondetect_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\HD-DataManager.exe 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\mediaservice\wmfengine.dll 7zr.exe File created C:\Program Files (x86)\BlueStacks X\cef\locales\en-GB.pak BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\SideBar\add_pressed.svg BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\www\js\index_cef.js BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-c-common.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\Microsoft.WindowsAPICodePack.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\loading.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\MyGame.svg BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\codec\libvorbis_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\misc\liblogger_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\Search\loading.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\www\js\localize_cef.js BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudMode BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\platforms BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\frame.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\MyGames\no_game_image.png BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\www\js BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Shapes\qmldir 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libblend_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png 7zr.exe File created C:\Program Files\BlueStacks_nxt\HD-ComRegistrar.exe 7zr.exe File created C:\Program Files\BlueStacks_nxt\Qt5QmlModels.dll 7zr.exe File created C:\Program Files (x86)\BlueStacks X\cef\locales\ca.pak BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\Choose_img6.png BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Setting_on.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\access\libfilesystem_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\mini_cloud.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\Tutorial\PremiumGames\Icon_title.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files\BlueStacks_nxt\HD-Apn.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\services_discovery BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\es.pak BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\imageformats\qicns.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_output\libvdummy_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files\BlueStacks_nxt\Qt5Xml.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\wallet\topbar_icon.svg BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\imageformats\qjpeg.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\access\libhttp_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\librv32_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\SideBar\add.svg BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\es-419.pak BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libsimple_channel_mixer_plugin.dll BSX-Setup-5.21.206.1006_nxt.exe File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Disable.svg BSX-Setup-5.21.206.1006_nxt.exe -
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
pid Process 7440 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 BlueStacksInstaller.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString BlueStacksInstaller.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe -
Enumerates processes with tasklist 1 TTPs 64 IoCs
pid Process 8112 tasklist.exe 1904 Process not Found 6780 Process not Found 3728 Process not Found 7584 tasklist.exe 8756 tasklist.exe 4520 Process not Found 2912 tasklist.exe 7820 tasklist.exe 7600 tasklist.exe 680 tasklist.exe 5604 tasklist.exe 3748 tasklist.exe 768 tasklist.exe 6164 tasklist.exe 6480 tasklist.exe 7012 tasklist.exe 9140 tasklist.exe 920 tasklist.exe 3380 tasklist.exe 1476 tasklist.exe 1396 tasklist.exe 7432 tasklist.exe 1480 tasklist.exe 4360 tasklist.exe 2312 Process not Found 7752 Process not Found 9156 Process not Found 7876 tasklist.exe 3848 tasklist.exe 5528 tasklist.exe 9012 tasklist.exe 6340 Process not Found 5060 Process not Found 8220 Process not Found 7620 tasklist.exe 6160 tasklist.exe 7552 Process not Found 2188 Process not Found 6084 Process not Found 5288 tasklist.exe 7420 tasklist.exe 6576 tasklist.exe 2228 Process not Found 7440 tasklist.exe 7292 tasklist.exe 7872 tasklist.exe 4552 Process not Found 3780 Process not Found 2380 Process not Found 484 Process not Found 7056 tasklist.exe 7212 tasklist.exe 7900 tasklist.exe 5100 Process not Found 5672 tasklist.exe 5188 Process not Found 2740 Process not Found 1008 tasklist.exe 1172 tasklist.exe 7328 tasklist.exe 5804 Process not Found 9176 tasklist.exe 5992 Process not Found -
Enumerates system info in registry 2 TTPs 12 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 4 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615467212513977" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "4" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000000000001000000ffffffff Extreme Injector v3.exe Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4\NodeSlot = "6" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1092616257" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d902000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f60400000088000000 Extreme Injector v3.exe Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\IconSize = "16" Extreme Injector v3.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ BSX-Setup-5.21.206.1006_nxt.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4\MRUListEx = ffffffff Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" Extreme Injector v3.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "5" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Mode = "4" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 Extreme Injector v3.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ BSX-Setup-5.21.206.1006_nxt.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 050000000400000003000000020000000000000001000000ffffffff Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:PID = "0" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0" Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0400000003000000020000000000000001000000ffffffff Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\bstsrvs\shell\open BlueStacksServices.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78} Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 Extreme Injector v3.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol BSX-Setup-5.21.206.1006_nxt.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell Extreme Injector v3.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\bstsrvs\shell\open\command BlueStacksServices.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\bstsrvs\shell BlueStacksServices.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{8EC7FA22-70A0-40A8-8AB3-0BEF51CB1024} chrome.exe Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" Extreme Injector v3.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239} Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\5\MRUListEx = ffffffff Extreme Injector v3.exe Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\bstsrvs\ = "URL:bstsrvs" BlueStacksServices.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff Extreme Injector v3.exe Set value (data) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 = 14002e80d43aad2469a5304598e1ab02f9417aa80000 Extreme Injector v3.exe Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Music" Extreme Injector v3.exe -
NTFS ADS 3 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier chrome.exe File opened for modification C:\Users\Admin\Downloads\Extreme Injector v3.exe:Zone.Identifier chrome.exe File opened for modification C:\Users\Admin\Downloads\Opengl32.dll:Zone.Identifier chrome.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3040 rundll32.exe 3040 rundll32.exe 3500 chrome.exe 3500 chrome.exe 3292 BlueStacksInstaller.exe 3292 BlueStacksInstaller.exe 3292 BlueStacksInstaller.exe 3292 BlueStacksInstaller.exe 3292 BlueStacksInstaller.exe 3292 BlueStacksInstaller.exe 3292 BlueStacksInstaller.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 4200 BSX-Setup-5.21.206.1006_nxt.exe 5576 chrome.exe 5576 chrome.exe 4556 Extreme Injector v3.exe 4556 Extreme Injector v3.exe 4556 Extreme Injector v3.exe 4556 Extreme Injector v3.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 8084 Bootstrapper.exe 5888 BlueStacksInstaller.exe 5888 BlueStacksInstaller.exe 5888 BlueStacksInstaller.exe 5888 BlueStacksInstaller.exe 5888 BlueStacksInstaller.exe 5888 BlueStacksInstaller.exe 5888 BlueStacksInstaller.exe 6248 BlueStacksServicesSetup.exe 6248 BlueStacksServicesSetup.exe 3444 tasklist.exe 3444 tasklist.exe 2308 chrome.exe 2308 chrome.exe 7468 BlueStacksServices.exe 7468 BlueStacksServices.exe 1664 chrome.exe 1664 chrome.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 4556 Extreme Injector v3.exe 2184 taskmgr.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 652 Process not Found -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe Token: SeShutdownPrivilege 3500 chrome.exe Token: SeCreatePagefilePrivilege 3500 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 3500 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 5576 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2308 chrome.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe 2184 taskmgr.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4556 Extreme Injector v3.exe 1012 HD-GLCheck.exe 5656 HD-GLCheck.exe 4556 Extreme Injector v3.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3500 wrote to memory of 1664 3500 chrome.exe 94 PID 3500 wrote to memory of 1664 3500 chrome.exe 94 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 1260 3500 chrome.exe 95 PID 3500 wrote to memory of 844 3500 chrome.exe 96 PID 3500 wrote to memory of 844 3500 chrome.exe 96 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97 PID 3500 wrote to memory of 3604 3500 chrome.exe 97
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Opengl32.dll,#11⤵
- Suspicious behavior: EnumeratesProcesses
PID:3040
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4860
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb72d1ab58,0x7ffb72d1ab68,0x7ffb72d1ab782⤵
- Suspicious behavior: EnumeratesProcesses
PID:1664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:22⤵PID:1260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:3604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:1588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:4620
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:4012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:2996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:1148
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:4028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:4928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:2712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4796 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:1088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4784 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:2996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3356 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:1252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4664 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3252 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:1876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5104 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:12⤵PID:808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2536 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:2564
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵
- Modifies registry class
PID:3740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:3768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:3608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:2640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵
- NTFS ADS
PID:2404
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:4076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=1840,i,10924606061545706808,6258723391390845447,131072 /prefetch:82⤵PID:4808
-
-
C:\Users\Admin\Downloads\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\Downloads\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"2⤵
- Executes dropped EXE
PID:3136 -
C:\Users\Admin\AppData\Local\Temp\7zS04C95069\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS04C95069\BlueStacksInstaller.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3292 -
C:\Users\Admin\AppData\Local\Temp\7zS04C95069\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS04C95069\HD-CheckCpu.exe" --cmd checkHypervEnabled4⤵
- Executes dropped EXE
PID:2128
-
-
C:\Users\Admin\AppData\Local\Temp\7zS04C95069\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS04C95069\HD-CheckCpu.exe" --cmd checkSSE44⤵
- Executes dropped EXE
PID:3032
-
-
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.206.1006_nxt.exe"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.206.1006_nxt.exe" -s4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4200 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"5⤵PID:8608
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c green.bat6⤵PID:8732
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="BlueStacksWeb"7⤵
- Modifies Windows Firewall
PID:8792
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Cloud Game"7⤵
- Modifies Windows Firewall
PID:8872
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"7⤵
- Modifies Windows Firewall
PID:9108
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"7⤵
- Modifies Windows Firewall
PID:9060
-
-
-
-
-
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=a2fe08dc-68a2-4b98-87f3-efc7fd04894b -machineID=4f5ceff1-0acb-4c87-9543-e5f03a4de18e -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.41.206.1001 -country=US -isWalletFeatureEnabled4⤵
- Executes dropped EXE
PID:7256 -
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\Bootstrapper.exe" -versionMachineID=a2fe08dc-68a2-4b98-87f3-efc7fd04894b -machineID=4f5ceff1-0acb-4c87-9543-e5f03a4de18e -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.41.206.1001 -country=US -isWalletFeatureEnabled5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:8084 -
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\BlueStacksInstaller.exe" -versionMachineID="a2fe08dc-68a2-4b98-87f3-efc7fd04894b" -machineID="4f5ceff1-0acb-4c87-9543-e5f03a4de18e" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bs5" -bsxVersion="10.41.206.1001" -country="US" -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=06b66a5b2de093109f66c0225981074a -app64=6⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5888 -
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\" -aoa7⤵
- Executes dropped EXE
PID:5808
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\" -aoa7⤵
- Executes dropped EXE
PID:6044
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-ForceGPU.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"7⤵
- Executes dropped EXE
PID:6436
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe" 1 27⤵
- Executes dropped EXE
PID:2052
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe" 4 27⤵
- Executes dropped EXE
PID:6668
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe" 2 27⤵
- Executes dropped EXE
PID:6424
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe" 1 17⤵
- Executes dropped EXE
PID:7212
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe" 4 17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe" 2 17⤵
- Executes dropped EXE
PID:5100
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-CheckCpu.exe" --cmd checkSSE47⤵
- Executes dropped EXE
PID:5124
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4196
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\\HD-GLCheck.exe" 27⤵
- Executes dropped EXE
PID:5272
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\\HD-GLCheck.exe" 37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5656
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\\HD-GLCheck.exe" 17⤵
- Executes dropped EXE
PID:1304
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:7684
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
PID:844
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" x "C:\ProgramData\Pie64_5.21.206.1006.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa7⤵
- Executes dropped EXE
PID:5496
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"7⤵
- Modifies Windows Firewall
PID:6956
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes7⤵
- Modifies Windows Firewall
PID:7356
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"7⤵
- Modifies Windows Firewall
PID:8336
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes7⤵
- Modifies Windows Firewall
PID:1408
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\HD-CheckCpu.exe" --cmd checkSSE37⤵
- Executes dropped EXE
PID:2592
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"7⤵PID:9140
-
C:\Windows\system32\sc.exesc.exe delete BlueStacksDrv_nxt8⤵
- Launches sc.exe
PID:7440
-
-
-
C:\Windows\SYSTEM32\reg.exe"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\qsy25qe3.iyw\RegHKLM.txt"7⤵PID:7340
-
-
C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS85C1EAAA\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\qsy25qe3.iyw\*"7⤵
- Executes dropped EXE
PID:5644
-
-
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1932
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5576 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb72d1ab58,0x7ffb72d1ab68,0x7ffb72d1ab782⤵PID:5588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:22⤵PID:5040
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:2344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:7188
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:7180
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:7208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:2804
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:7192
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:7676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:6908
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:4592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4472 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:8220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3548 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:8916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2852 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:4832
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4904 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:6168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:6460
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2344 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:6660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4816 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:6768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2940 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:12⤵PID:6812
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5552 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:2004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2576 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:4944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵
- NTFS ADS
PID:7556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:1388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1944,i,3796428382437334830,14342464425484644732,131072 /prefetch:82⤵PID:7116
-
-
C:\Users\Admin\Downloads\Extreme Injector v3.exe"C:\Users\Admin\Downloads\Extreme Injector v3.exe"2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4556
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:7224
-
C:\ProgramData\BlueStacksServicesSetup.exe"C:\ProgramData\BlueStacksServicesSetup.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6248 -
C:\Windows\SysWOW64\cmd.execmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"2⤵PID:6756
-
C:\Windows\SysWOW64\tasklist.exetasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3444
-
-
C:\Windows\SysWOW64\find.exefind "BlueStacksServices.exe"3⤵PID:2312
-
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
PID:7268 -
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1680,i,10420504207939223201,2516584438162389337,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
PID:5972
-
-
C:\Windows\system32\cscript.execscript.exe2⤵PID:2416
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1968 --field-trial-handle=1680,i,10420504207939223201,2516584438162389337,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵
- Executes dropped EXE
PID:7992
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices2⤵PID:5916
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices2⤵PID:6048
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A2⤵PID:8264
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A2⤵PID:4388
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:6196
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2600 --field-trial-handle=1680,i,10420504207939223201,2516584438162389337,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Executes dropped EXE
PID:6512
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5424
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6816
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7432
-
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:3240
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt2⤵PID:2180
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5456
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2064
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3372
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6844
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4724
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5380
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6276
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8272
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1048
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5356
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3240
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2744
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7852
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7692
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4780
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1016
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3796
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5456
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6532
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6564
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6468
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7900
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6488
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8132
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5912
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8200
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6040
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8352
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8476
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8664
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9192
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6220
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6396
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1544
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2824
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8532
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9108
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5308
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8344
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6920
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7096
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8428
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5604
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6252
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6604
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6416
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2180
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8520
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2220
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5908
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6740
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6624
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8460
-
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2440 --field-trial-handle=1680,i,10420504207939223201,2516584438162389337,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:7468
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7408
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7524
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5720
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5824
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7400
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6028
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8720
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6008
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2740
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4268
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4360
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8236
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7956
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6076
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6468
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8640
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2864
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2248
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5340
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8840
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6600
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2068
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3396
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5596
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7416
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:3848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1112
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6396
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8604
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7440
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6316
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8564
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7108
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7704
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6340
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5692
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2884
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5216
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7884
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6400
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8428
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:684
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8580
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:2912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8104
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7380
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3040
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8032
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7776
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5424
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7800
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4572
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6936
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3928
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8700
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8444
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4316
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5744
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7504
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2416
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4000
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4632
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4652
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4208
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5720
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7036
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5936
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2008
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6696
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8436
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4048
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4360
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7692
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9152
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2680
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6920
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8324
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:724
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6060
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8672
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7768
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8640
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9012
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6376
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:440
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6460
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8840
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9088
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8920
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8584
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:976
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7048
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6488
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5376
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6072
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3884
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6360
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8612
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5952
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7968
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8812
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2224
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9040
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2156
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6472
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4420
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5240
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4884
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7056
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6384
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2300
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5140
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2808
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2032
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8136
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:3380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3040
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7256
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8696
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6836
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8508
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5944
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8804
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3344
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8400
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5508
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8772
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3240
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2016
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7428
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7200
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8420
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2100
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8396
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6680
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5188
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4268
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6040
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7360
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7584
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4232
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7236
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6720
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2228
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7640
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5304
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8556
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5180
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1884
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2656
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2716
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5712
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8760
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:1008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7148
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3348
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5484
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6644
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4592
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1672
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2836
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9168
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6656
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5560
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3420
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5584
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7232
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8796
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8148
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8564
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5400
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8592
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1492
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4352
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5192
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:444
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7152
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6840
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7716
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2812
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9132
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8920
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7436
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2560
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:6576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2592
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6516
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3848
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5352
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9048
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9164
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6784
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7580
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5312
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4296
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:928
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5108
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7796
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6732
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1956
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8900
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5192
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6648
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8144
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6704
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6184
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4864
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3404
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8832
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:560
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8788
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5656
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8696
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7572
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4760
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6208
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4804
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1356
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5764
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8288
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8344
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6772
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6508
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5808
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8532
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7356
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5572
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7764
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5328
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7540
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7360
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7392
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7912
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1500
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7804
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4088
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6684
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2020
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8260
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2492
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9012
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4040
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3196
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6268
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5544
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6156
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5564
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1796
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5296
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6308
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8584
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8492
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5924
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3016
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1716
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4436
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:980
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8048
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2836
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7684
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8628
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3372
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8184
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2088
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7800
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5340
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7224
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6540
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6088
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2188
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1540
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6516
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9036
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8200
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6544
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7832
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9164
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6784
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6700
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5312
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5916
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5496
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4352
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7352
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6804
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3900
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8128
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2804
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6564
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:484
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7776
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6468
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2312
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4864
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8520
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8832
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2940
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8788
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5232
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7524
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5672
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8892
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7840
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8208
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:776
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8600
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5720
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7200
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:1172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4048
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4268
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6020
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7356
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6136
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7544
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1388
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8540
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8824
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1800
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5304
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1364
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6052
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8320
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:576
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3744
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6660
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2520
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6652
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8508
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7124
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3444
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:724
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1468
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6976
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6276
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3508
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2716
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5804
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5364
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8736
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3896
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6104
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6928
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4192
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5964
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3968
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8468
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4036
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4720
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5320
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4364
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7488
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4272
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8032
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6516
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1012
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4516
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1904
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5796
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3608
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5644
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7232
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6544
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9120
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6852
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6700
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5400
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3224
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5100
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4588
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5980
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2368
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8632
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2444
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:3748
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:400
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5568
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6232
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2312
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8016
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6100
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8460
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2072
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1916
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5656
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6324
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4208
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5160
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:768
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1028
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8768
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7020
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5736
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8720
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5156
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:6160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8044
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5060
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:4360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1420
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6020
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3644
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1712
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8660
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:916
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1404
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7824
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6008
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2748
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6272
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6720
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:564
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7252
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7960
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5776
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7708
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8912
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4040
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2128
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7660
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3076
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3124
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8636
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6900
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9024
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1744
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1116
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2308 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb72d1ab58,0x7ffb72d1ab68,0x7ffb72d1ab782⤵PID:1908
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:22⤵PID:1688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:6820
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1568 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:5420
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:2228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:5324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3412 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4272 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:9032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:1460
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:1740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:7400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2696 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:8748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3196 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:8472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3968 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4300 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4792 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4544 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4512
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5012 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:4672
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5312 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5460 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7932
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5484 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:5680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5604 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7188
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5764 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:3056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6036 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6068 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:3212
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5136 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6500 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6656 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:3360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6664 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:8900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6932 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7048
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7076 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6184 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7872
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5880 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7508 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7268 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:5548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6180 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6324 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8368 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8888 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:8380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9088 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:8344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7776 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8776 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:3636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9320 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9488 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6288
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9480 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:5980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9840 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵
- NTFS ADS
PID:5604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8160 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:2368
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9872 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:4312
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10040 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6296
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10196 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10208 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9220 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:1568
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6476 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:2516
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9100 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6452 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7620
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6436 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:4832
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6408 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6480 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6444 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7096
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6392 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7172
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10556 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7588
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10572 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10584 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10612 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10620 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:6968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=10636 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10652 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10680 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10700 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:5032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=10716 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:2780
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=10728 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:3888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=10764 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:2680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9880 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:82⤵PID:7000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=12056 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:7884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9816 --field-trial-handle=1784,i,12748355815498783709,10478152960153136241,131072 /prefetch:12⤵PID:8764
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:5220
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004881⤵PID:8944
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}1⤵PID:4236
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵PID:7116
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2184
-
C:\Windows\System32\de62tr.exe"C:\Windows\System32\de62tr.exe"1⤵PID:8300
-
C:\Windows\System32\de62tr.exe"C:\Windows\System32\de62tr.exe"1⤵PID:5856
-
C:\Windows\System32\de62tr.exe"C:\Windows\System32\de62tr.exe"1⤵PID:7844
-
C:\Windows\System32\de62tr.exe"C:\Windows\System32\de62tr.exe"1⤵PID:7452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=de62tr.exe de62tr.exe"1⤵
- Enumerates system info in registry
PID:1040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb84d93cb8,0x7ffb84d93cc8,0x7ffb84d93cd82⤵PID:5184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:22⤵PID:6464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:32⤵PID:8180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:82⤵PID:5140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:8076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:2032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵PID:2636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4112 /prefetch:82⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3896 /prefetch:82⤵PID:6624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵PID:1476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵PID:8220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵PID:5036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:82⤵PID:7016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵PID:7200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵PID:4556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵PID:1932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:82⤵PID:9152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵PID:916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵PID:396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵PID:8824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:8988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:8292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵PID:9144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵PID:8156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14734455015511099387,5619241298623672177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵PID:5612
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5880
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5976
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Modify Registry
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
477KB
MD53e87b8d3d4bb1f46ad53ded8a0f80394
SHA1d39ab0c3ad977c5e8d062430182ee5f553bd8ab5
SHA2563bf06249f29891e55512fb81e8cf628d143729d095042a9c38987f3a3170f80f
SHA512e420039536de388702e08d7e4bc7f969931c80ce5bc3c7b7553ead80b3dcde10e810262dadc7fa85e785611c1ec0a7723bdd1ce26436ef62a5f53b1734793215
-
Filesize
569B
MD5e7fdf6a9c8cae1fc1108dc5a803a1905
SHA12853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA2568ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9
-
Filesize
653B
MD576166804e6ce35e8a0c92917b8abc071
SHA18bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA2561bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA51293c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005
-
Filesize
569B
MD53221ac69d7facd8aa90ffa15aea991b0
SHA1e0571f30f4708ec78addc726a743679ca0f05e45
SHA25692aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA5125e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328
-
Filesize
653B
MD5dfddf8d0788988c3e48fcbfb2a76cd20
SHA1463bb61f0012289e860c32f1885a3a8f57467f2e
SHA2569585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca
-
Filesize
812KB
MD5fbaba140f30a11e5ff4f97d921de6d45
SHA1d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA2564889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5
-
Filesize
538B
MD5ce144d2aab3bf213af693d4e18f87a59
SHA1df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA5120f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe
-
Filesize
412B
MD5ea22933e94c7ab813b639627f2b38286
SHA1c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964
-
Filesize
15KB
MD56db7460b73a6641c7621d0a6203a0a90
SHA1d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852
-
Filesize
15KB
MD55ceab43aa527bc146f9453a1586ddf03
SHA188ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA2567c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA5128a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e
-
Filesize
9KB
MD57a2e5c21140aa8269c2aafd207f5dbaa
SHA14e0d9e7e1b09e67eba10100d73dc51623517821e
SHA2563d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA51263f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde
-
Filesize
176B
MD562d7f14c26608f8392537d68f43dece1
SHA1add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4
-
Filesize
392B
MD5ca0a329097316832e4a6ea5d870c9268
SHA14a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA2564b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA51251f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271
-
Filesize
169KB
MD557576ba4f76189d704b68ab21583cfe9
SHA1834fc69f89a55731dace7c03ff2f81c08dec1ad2
SHA2568fbba4e524ea8f482a2fc249902e82fd0c988a6fab6fdd687ca35c00dc11bb6a
SHA5124975020da7307c8e3debad790b4a534fcb24ce5aa53d1add37bfe553b25024bacb5d2fef4a8d267c31191356b71364c1a67dac0e6995c4efa7e1d257ab9ac2a0
-
Filesize
223KB
MD5b225257a1a9e0db8c43e6f223aff3e05
SHA12020e10c83bcc26b3f97125315fce5bdb53578dd
SHA256b9af9fabbccfc04919d47da0378d5a6117572219e7e57edef1b85b9fa1832d95
SHA51244644536ea53c84f87475144d511458606cc6922fb769f096b36cc1e816b28663aac193e1c46521c917a18c5081f7ab3df2b30af27620e7b510ad5cd235bc05f
-
Filesize
131KB
MD5169706218f98a42594a8c5c5a65771fe
SHA1b8ded94180212578d86a031eb71ef93dcffe1a26
SHA2563803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA5121c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448
-
Filesize
10.0MB
MD503205e5952ea7b803839ecfe3bb000d6
SHA174146e76e31fd1e75ae1c34fa8194bc291b34a40
SHA2568364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3
SHA512badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192
-
Filesize
2.4MB
MD5aed2766cd70116ab1e0c430001a30b8f
SHA1a06c62b35c333412dd61c493d6a6520a8c04537c
SHA2564ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389
SHA512a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961
-
Filesize
191KB
MD58615f18dea34c152e8aeb8f4e01fd17b
SHA1032b7bab09943cc5c8a380b0aba29652d5539153
SHA256e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6
SHA5122a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248
-
Filesize
250KB
MD5de5e6a97c80d698256369b10255ce45d
SHA18d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc
SHA256669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13
SHA5125609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206
-
Filesize
420KB
MD52a8ca8692a60fe8d33d51d99c9084a9d
SHA1919d8adacce240fd394d6faf2aa41d2e5b8460ec
SHA25673f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44
SHA512080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea
-
Filesize
441KB
MD5143ffa8ca3ac0e6dca9a8b3e8ba3f3f5
SHA16186940350b3fdd936f6ce41f3091bbca397e9a2
SHA2563f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2
SHA512a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e
-
Filesize
475KB
MD5154217351d415b13dca71e28727902c4
SHA1096a1640b5e83a7b20afdfa7cfe2507b4128e0a5
SHA256da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf
SHA512f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb
-
Filesize
624KB
MD5304432105fbe28b1625f0d7b6be3e7bf
SHA12d5474854bc0bca3f3ead1b9199d76ef533f0850
SHA256ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e
SHA5128ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8
-
Filesize
294KB
MD5a2c61a98fe7407ded9ece126c4c9d057
SHA1c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69
SHA2564d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8
SHA5127522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c
-
Filesize
303KB
MD5c0bb82986abc67281d8067e5f20625c7
SHA1e7cc8888dd95d9edf226893f0e4c12e572bf6bf8
SHA256217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50
SHA51280f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9
-
Filesize
271KB
MD55eba7377be8e34dd03db766300039ed2
SHA1b3460fa050b93454b9e05586d86d7cf67881f557
SHA25694157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94
SHA5127d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385
-
Filesize
292KB
MD501cc5b8a05a435482dc692baef032d3a
SHA1229a4d1c9aea9111bb46895d096dfcaf488b8d4a
SHA25653d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835
SHA512082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488
-
Filesize
522KB
MD526afc001a706679413f5deaa3c6603e4
SHA1c9d780d930775cfc17cf9160712a2e90ca55106e
SHA2564c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc
SHA512743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1
-
Filesize
239KB
MD506da37b66f4dbbe8c5ae1bd7e4addc99
SHA1ac190bbb14b76d14143dcc088f460d1be2ba2886
SHA25660f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0
SHA512c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e
-
Filesize
242KB
MD51e958f35257ef1e2e5115d860602a593
SHA1688afb781ce3c4c9a55fee9696145260d2ce1400
SHA2564a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37
SHA512a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27
-
Filesize
289KB
MD5f21b0783d062082ee46aa573eff68df0
SHA184f62d15eb68858245e56bef0cf317e273918044
SHA256859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe
SHA512d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b
-
Filesize
293KB
MD503265b1a7f6a996513067866d55f3bcb
SHA1427eecd7810cf24c8758dc9beae18afc9d8969a0
SHA256516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da
SHA512d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc
-
Filesize
261KB
MD573e6f20f0c75a9beb72798167f8c6f91
SHA1d01932a69626d23e8ce9e9bc240f6d99dd155fb4
SHA256ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf
SHA51298966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db
-
Filesize
422KB
MD5f913ea1db8c9c99bff701ceeaf8138f3
SHA16bef3ff865b3a95dc1900ba3c94c5bf556c695a1
SHA256b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c
SHA512edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5
-
Filesize
269KB
MD5f55358f58eb17b4bc6abb19592c1aba7
SHA16dc1d99757bc5a447b9761a4a0c90a2be521c6b0
SHA256cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1
SHA512d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab
-
Filesize
301KB
MD5f5257136ed900e1715979c9a96de292d
SHA1217cbe02931f6466bdbdb27c85c876b851610b23
SHA25698a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90
SHA512c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654
-
Filesize
318KB
MD575575474726cc8d98def90e0dbddcb0f
SHA13e62e3b73bab73597a01c3ece5871c64b142391f
SHA256d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94
SHA51237e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0
-
Filesize
596KB
MD5e245057bea15117bed15bc3ee2911d74
SHA1c8e2d5f85a974fa989c0d0f64121d2836a13bb84
SHA2564ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5
SHA512a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f
-
Filesize
368KB
MD58c02d30c68c4abb4b1a7c2493d8fde51
SHA12cbe2f537d59971296f2180d146d9c2905d2a76f
SHA256e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a
SHA5129155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6
-
Filesize
618KB
MD561838bdf13a1d60545d15e9cc49866be
SHA164bec7fe42caf53f192b58e4e5b068e56d835cec
SHA2569a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1
SHA5127e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf
-
Filesize
290KB
MD5a621446d9e94b0d47935bf3310c385b5
SHA15cb954846bd2a2c477cb28b99545cd9bc0fbe990
SHA25693f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842
SHA51280c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37
-
Filesize
312KB
MD53c70ba470c8503cae9407540d070f506
SHA10b841228d28e8605c37df79f1a3714402d2b18df
SHA2560770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e
SHA512ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1
-
Filesize
259KB
MD5fc2cd7f4af1976579f6b0eae3ab2d874
SHA1c4e434b9d0d95a505947c97d396b05c9a18f3983
SHA25648b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef
SHA5129e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535
-
Filesize
285KB
MD556c13472d7efdb4466d5189af2d06ce6
SHA184025c148e10e1885125893dd286d0f9e751e101
SHA2567114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4
SHA512fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8
-
Filesize
351KB
MD59705a8fcead214aa619f1be816135ea0
SHA1f10d22cdbf5d7960aeaa13c98cf8f7de41034760
SHA256c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320
SHA5126d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af
-
Filesize
693KB
MD52e9a1e91aa149308dde43e0b357e1c8a
SHA1d657811a3b3dabe519fb7b5fad46977674234f51
SHA2562a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1
SHA512d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b
-
Filesize
296KB
MD52a0bc83152bfbc0f365d3a85fd1e1832
SHA19b972a8e823ff6f161ca2aadac11043b054b3146
SHA256ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f
SHA5122c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088
-
Filesize
313KB
MD57769b6273b1519ea1a8ac9f059e78c93
SHA16d8807f4af484041bac83d5d8873d639d5f07d0e
SHA256e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a
SHA5129c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae
-
Filesize
310KB
MD517b9ff8c299fff962e9b9bc0d5f2f15b
SHA16224d9bf81c4771033e14477da0a652336326036
SHA2567e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0
SHA5128bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963
-
Filesize
728KB
MD5df01088842b8c05568fce402a69bb595
SHA14b97c244ee85efb9c35b69f65f64d9cfcb2d25aa
SHA2569f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579
SHA512b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125
-
Filesize
584KB
MD5f40f6817a07049b8589310b7dba04534
SHA193afea27adbd165aa1e3261cb67d5ab719ea02db
SHA2565429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3
SHA512450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6
-
Filesize
269KB
MD5901240b9cb3a7a635c2d56d6ff1b3966
SHA1c1fdd4ccf213bf1822696061d64930f47a017cdf
SHA256a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e
SHA5122b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4
-
Filesize
264KB
MD55c901b43287edab65f05464dbad3e301
SHA1d76444677a7eeafdfe0bc27a0ff892f028144d67
SHA2560bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed
SHA51246fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2
-
Filesize
275KB
MD5884f7faf0e79d04c6536506d6f95eab1
SHA139334913aa447b35012a8d7100e7f91e805c7e9d
SHA256b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f
SHA51277a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18
-
Filesize
301KB
MD541ad390a8cc5fbd5b1f352e838b42ce1
SHA19efa8f2e5a0312e83f737929765a86112a874272
SHA256979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0
SHA5121beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01
-
Filesize
285KB
MD54792f1e39c6875d8aa5e911f16ed638d
SHA1c04ecb497096be4173f9aae3f0ae6accc8324156
SHA256a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e
SHA5125fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69
-
Filesize
288KB
MD50db54f0f25ec3a19dff541ba223bd5b4
SHA1dc1f0c9b1c2578490af5923df179a92814c04904
SHA256ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69
SHA51296060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c
-
Filesize
297KB
MD514ee5c1a362e753a5c44b11343430fdb
SHA1b87e4750d5319c5c695f1581feaacdd71abe0cda
SHA256ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1
SHA512ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377
-
Filesize
477KB
MD53d28ef9e25426b08409db5379cfd55e3
SHA125fefc87d6233da5b287dbbf04a63c34cb9c5571
SHA256b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057
SHA512210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995
-
Filesize
308KB
MD5b37b81799942fc174e05b6aac03ea4c3
SHA1788d6d10c82614465628f79bbe1f2346839a582e
SHA256579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319
SHA51231bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44
-
Filesize
294KB
MD54138dc422fc6a5afb1a855ffe0caba32
SHA18b23cb3c91167908e181eb0ce9d730ca5b3179e7
SHA2567904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b
SHA512a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531
-
Filesize
451KB
MD597ef86fc3b66a0a3aa4e1be4555369f0
SHA1bbe68527d0c4c9e6624920d548c0ab0c09dbac88
SHA256d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb
SHA512fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3
-
Filesize
266KB
MD5f2bf46d97477489d80659d0be53d9d05
SHA1a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c
SHA256196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32
SHA512d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348
-
Filesize
273KB
MD5e99bc71c3caeae580ef7060155ddd0ff
SHA1d6986e1fe1dd6c110b05f44f84e956ecac188b97
SHA2564282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8
SHA5126bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0
-
Filesize
703KB
MD548554783d89587fe96d94cc1afb58248
SHA1be0843e27225df82cbb27f017acb7bac27c92c5e
SHA256df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896
SHA5122ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784
-
Filesize
658KB
MD5079fbd6adf806504199dd0b05c87c697
SHA14fec8c3bae9b48f92e35b609fc3977eda5de2039
SHA256ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2
SHA512722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d
-
Filesize
556KB
MD5433dbeabe2d4c70255f1685ece8fb97b
SHA1966c16c364b4f3ae6ccb8c5019c0b6bca75b593e
SHA256dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942
SHA512b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c
-
Filesize
282KB
MD51a505f3f30511c2b05eb29ee0e0bff26
SHA108d4002d32dc5ea8a9476495786f5d5c1bae7ea6
SHA25627627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0
SHA512d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff
-
Filesize
478KB
MD5e21f45d7685b75be483013e1e8dc8237
SHA18f4cdd3dea580d7671117e9c49891212ab950686
SHA256dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3
SHA512b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048
-
Filesize
332KB
MD5561050669f78bd04d0431de3eb98d160
SHA1028a78bbaabe19ac338648ac95a8b944254e8d3d
SHA256922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333
SHA5122df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d
-
Filesize
245KB
MD554415acf2d54c65718c99ed78b4bf3e5
SHA1311937480b01256a1e50d0556df9b4f9f9a46424
SHA2563648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a
SHA5124eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9
-
Filesize
245KB
MD5c709c2e92d4c0a1a2fd30f5350bed636
SHA131c8463300bdfe0238f167451a1adffc4fa899a3
SHA25637a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e
SHA51238f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d
-
Filesize
447B
MD5b09525b48c0023f893d6b64d06add4b1
SHA110ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f
-
Filesize
577B
MD547ff3e4cc15b8c4a07e3ceb6cb619b62
SHA10318e54c613b8ff00f54d843e90ef88310c1a96f
SHA2564786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA5120212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e
-
Filesize
480B
MD522efccf38e15df945962ac85ac3aa3b7
SHA1b94a8615dc92982e1637680446896080f97c2564
SHA2560ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA51241a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee
-
Filesize
25KB
MD57a7d65e41e785a7a848f0b021cc0c0d7
SHA19d61357d9aaec43adb92b95dd63103c566aa2083
SHA256e02e378326e351980325f9cbf4e27327ac03aabf85286e7636c99220da950806
SHA5128f67d2e4ef55abffdc1062997cab7a44cc81e42b16174d88dad41939992903b7a9ce9c7775db10835d30cf4aaecfac7c8d6f2cd1611f17e40d3c66ee0fb928cb
-
Filesize
14KB
MD59fb07e066cc2f213a64d35a97a8c2922
SHA1a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA25665e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA51281680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c
-
Filesize
22KB
MD5a9ce4896a111f0ea2149e25ddfcf27aa
SHA15f242727905a3f30263793e3095fff8fe7a3a0f2
SHA256941d60fe4e4f1a66166e8fe75f885ab1086a4037a4627004e391d7493e3e8911
SHA51205d0f13214d60fc4533652f5b1dc161f3f14c8b194d74e45a34412f97267fd69b7b19f1f647f348ebfbbd2551c4060e36e746a6a79963db7e78cd95c92dc4d3e
-
Filesize
21KB
MD55f5cacda94bb2384f9d6bdece58ac526
SHA1c10f095a312e623b79c42ab7ca3f48130b348d62
SHA2562b698fd5d6f4fd959c4a24b47b02c2e1a9f51a72a66cfab3ed72d8f667d221cd
SHA5121ca9373b2eff0620d02249ab82fe46644f6452db36a2b61334cc258d2e9910200c33543f7794e0bdc69761f5b86aedacca0fe6491293ecd1df2992eaa5aaae99
-
Filesize
22KB
MD56b1fc0b4e861692c83e8f36848e7faad
SHA179e064008b2c2bcc63146664cdf1a63f1d5ab58f
SHA256f5684f68c50b3f8f5c1ce0e1266e003f2099d3ae401c848b2cd30260a998feed
SHA5120a15eded536ea683c4493af1f45f8bcfdc24ae69747386a6747dfb2bd3475f88f4d15d2ac77515eb5ce75b65870f2fe2337bdef0fae5758edd72684683a9180d
-
Filesize
20KB
MD5623b1aacfbaf85b09a4e0c180e9ef178
SHA1e41bfa201d627d093bf446eb39fab268528e5e32
SHA256ce6bf3cbca52a1ae369199ee190272f6842a45e64da9ab6cac8b48842aa099ca
SHA51283b91c326561b725483fa703d7bfc66a3eafc55a25772bb22251bc88869a30bf11c2c5aeabd5a07da8fd7f2d2b93ab2ba47edaf025f8055f6ebf07df99f9b77e
-
Filesize
21KB
MD5ea49ac9605d0ddbff07b0e19d6d34517
SHA1c17fef2467a8973db193de95f7b66e6f511529d5
SHA256408c2ff8977fd6fba4ece99f547182394ab62d22401454344f48ea085707ebbf
SHA512e45a6d19a570f496a30eb2b39991a04743d491ff85b29390e52be2a5e146f7819c2197cd0b0357120a0c5ad9c792059584e6c4fe8f8098ecaf435aad6a44731f
-
Filesize
25KB
MD5da7a6902f658d02dffe24e7b29ae25a8
SHA12942cfd645e7de104aadb45d65976c073dd54a64
SHA2560c28d5d9178465b76fab0f5d736962095ecd333d7b2b1775c31becd38aded023
SHA5121079fc5da14e53157486609ec2faac6c88272c74c2acaa8a02f7cc698cd078f118bbdc9d979a40b183055dfd3104d1792d530b9bdeff4b1d1f12131a7f3253e4
-
Filesize
22KB
MD521af008aed42c6654b0a6eadd1fca98a
SHA19f1dd90654b10a1d56c0b7345de9226deafeac52
SHA2567f9e11fcb9567e432cacc5ec0b399fcbfedcdb0838f21ee84641cc4eb7794155
SHA512da2bcca88b89caff19edfc38cae25fb8aaf1805dc80c28b0e1a51f5de64ce7b5c671bceb2ceb897969906fe80477e47efb9df7cd377d62f8aa3ae9ae1200d440
-
Filesize
21KB
MD51d824987054f6109e386a2af3a2930ff
SHA1f0103827d00e343161463cbb436a751135ab7c68
SHA256a5c2f911ae2e891f152d08203e8e99e78735f09de4b7421fc6cf343987b48e34
SHA512df45abf4e8b24683eb3314478bfa9820caa83799e7d685473ec963bc9f07d72e763eab14a80aaaa7e1e44232223efb43cc6e9ec777c028516e7831694994d8f2
-
Filesize
21KB
MD535c829fe17dd39d16ed9ed9d3c3a423f
SHA1e2f498fb2ebd74647eea70edbe29d49dec3856f0
SHA256a3a3183e5f85ef1d84f386deab1052871fe8ee1cfba2800cd6443459e3609346
SHA5124a9db0e592d62cfec1ddf7fb1a67d2ed9338af50edce9582321d9ca798548cd65c53b810631cd862791c925cae2075a10f3183b02b5851cdb2cb2f54db229698
-
Filesize
29KB
MD5c14b9c7f08c0e2a57ccfee06a7c5a05d
SHA1c630e7233059006b1213807f8dfcb38295dde240
SHA256b61b82dbc223e35f7451fb848978a79703b345c7a7728d60d59fb95171e11969
SHA51215e3fe85a248c065429cfb52b5fa3f454d2440ac39612452974c7fe1fc890316c57a2b6c4137de36b3642276aa6791345e1b41af6628e80c4e7a3c6247dff6d5
-
Filesize
34KB
MD519402422b374354b36b182df60197aba
SHA175b68c2f7f9ef4730f0fe738f9477c543feb46c8
SHA256d1de34e55cdb1a8abf9ad3bdf0c875b8f14825ac25df5526da98ced87588aefb
SHA512c2f6991d15bc870a0998bfa74a939c66131f2d17485b3771e41fe876cee02050ece0c8a25cbca6720254ea8e25542fcab6ad569864a8443b5e3a0e266282490f
-
Filesize
21KB
MD53aeda0b485130bfc9dedff4b8fef1961
SHA1ace8100a277ea0f8e06902d68c1c39061a44fb26
SHA2563c465dcb8fe7197b0862637548d7c383574965666dd8305f5eb617444e9acfc1
SHA512319cad94c82fd188103a0178a4aaa6433d57358a7fc99348522336fdc786946f2b08fd405fd104573d7aeab62248577a7ff6a27ad35cff50790d0eada45440f4
-
Filesize
23KB
MD5fcbbad664f3eb4d57764f73eb0765942
SHA1cfb0601f07f12a78993d701168aa93109fa891c0
SHA256401a8d87d3057dc1b2dae6338c93ad8f5a5f7de628ea2d5fb94ab781f9d1a776
SHA512aa077fa7ddf698ba5e619239025775ce81972af515d82d1211039e0c65e5a30524ced698dcc1b7a1e1c943992ab6ea8fd5d28dbdd5abf57ba0c246360e21f08d
-
Filesize
18KB
MD50d168bc28c89f0fd4bf3b7f2d9c65eda
SHA1733690096aabff107a7b9a8d8a45c7a68aa9335c
SHA2569a5032c277e2af24fc596e1d2f535dd8873530cdf055ef7b9a27b84a1e4bce88
SHA512bb1e632e0c6aef6915ff178e9fb2b71173d1a3a00bfb294b59933e2d84f05642001d4201e42a2cbb7716cb4df039e4acc9ee24f91c784a48521039a2deedcdc1
-
Filesize
18KB
MD535dbabb7d08aae38d44bb326ccd10eea
SHA1193c8df23ae63107227a1faa03658c91635af058
SHA256c5ad750e534b3a1ef73e2b8b8aacdb5f591a72c366583f9ae1ca8138eae5979c
SHA51275aa4b75b3a9d76d0306360c6dbb49b86a7ecf7c88d8f31f28918f5a93d623e578f8e5faeae95c11b82d17f161834f65970088fbd293a12fca9f9322b5fad3af
-
Filesize
40B
MD560bbc192dd26ee52247b0156ee1df427
SHA1ac903b225dfb28bb8e1648653fb5712bc205916b
SHA2561644b5e335173640acc6e79f9212c9b84c0498308db5168a0e9a6011f02c609b
SHA512767dd86ede9b08cbd3a048cc93f8e0a64ee0e8924ee6272a89a3da608228e722e7872d44a066c3e2a13b8a27df9b40e46a7b28498e7936fecd8c97d13c5c36b6
-
Filesize
46KB
MD5f871dd44ae8c9e11c5c85c961f8b2ab1
SHA17618910822a0f2639b405e3c0b13faff0431140a
SHA2562ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec
SHA5123b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c
-
Filesize
19KB
MD5763b7f5900669e8a99e8f1c6de8e51e7
SHA177154ccf789ce7426fee337c62a990a8cae7395a
SHA2566253716d862427fb131fb1481cc70a20eb0b526d7fc1d2d5a67ab68eb1a40693
SHA512f25566690b3df6373f94fc7c06d1769a8e383682c4b4ec40e84085e3cea3ba9b724600c0ed5f23309eae202aad8f6c4eeb0d12d738a1eadede5a5f0d569b84b2
-
Filesize
96KB
MD51b69223bb9cda4a696e1a9fe4513ebec
SHA1aba8170614abcabdb5c596856905082af30f187e
SHA25645724ac93d26dab55d452763efe43524d9a6ad54aabfd8ece77d0102ba4a6a66
SHA51282fdddee01436449621c2d80ef848fc3430afa5d18a784ff8741c11357b7bf77b55fe40ecb3e41ddc4f41b9221a91085b294a9bc2b991742762f31ba816a73cb
-
Filesize
802KB
MD5cbff29d85a5b2b8eedcf79b287f26453
SHA105ef43788a9c2ef7f17c3dbdba9636f29dc976c5
SHA2560b8785b8f9a70a296c40050cf01f5e7edcb6617bdfd3b1ae14eacbb8aa67fd3f
SHA51263bd89c539ff4e3dc1854034ac1e2bf4cff835b5df529c590552bbd4e02991fb8dc654553ed27170441b7b8aa5c0f25ae139a358166a4f9831a255f4751cffbd
-
Filesize
32KB
MD5f50e46d81e187b4b40c4af5a6e02eeb0
SHA178e3d4222bec5b65cb4521b2a069e2e6da2063dd
SHA256a1c2e71fb7b9a29b04b2757b7563bcf6af600e129ec88e52dfb3d6c78c89efda
SHA512c9360b2c73f7179840561f5180aee0a646d72ba89bf805c92bc66cd3d278b0e49d594ba3fb0b6f523cf4bb67d0a8a5599e25449c5d48a29af50cc0c74c7674cf
-
Filesize
911KB
MD5f7d59b091f24a3af080dfab10a36c5cc
SHA1c015deab6bb286cd004f9c9b1e58ef6df385fa55
SHA2563c603fe131e38402cefec773872376bcdc9af59ec29587b5202426e440522936
SHA512b775aaf04491b88e3f10de7013b3393acba1c4427728215f3b33cec0cbeb6692ea03339cdec879fffdafa61cd356dc4c458c3762401ee78b45c4aa8671a09bb0
-
Filesize
151KB
MD59d6fc261452009ac35d1a852e67786b7
SHA14c0f52a741a355fc0d07f042455e420dc37a36bb
SHA2560f98f4256f5e4530ca7e6f18b7bda3c884bb203bb739d9802878e7a4196b088d
SHA512b5b5a838a888d521c94554f5fcb01747d1126bf7ff08a2ec7802232e28197bc80ebea6803f0dfa4d55bb30342161f7505deb7a2e86d0a37e3cc5b56a50b11614
-
Filesize
19KB
MD5856a3daa268de8801e7cfd5b727b6de2
SHA18e099b433518980e657c7541c49b498e6b83430d
SHA256b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5
SHA5122f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
1024KB
MD5a721c381435acb81dc2f0df419494c98
SHA11891b03395d1885dec084597f918abbbdce8b51c
SHA25621f90877ebd93afba1e55a88c7f4e6e3aeae57a5c4a2100a1c75a1fb86a063dd
SHA5126af9d674ff832b77f00193aee9b9acc90d78644a7e3ff3d4413835b4c262da0245bdd47a0247bb41df56124e6f87c629c0d4dd79e8ca00aff86acc44cf361e76
-
Filesize
248KB
MD5a6fc0e89b7ad808e9fe0d1c01d89a887
SHA1ddc5de84f804d34f3fbf2d72e89be24a62700e2e
SHA256c28c4065de6b63b84d30472b9db90ef7772f2880dfe505be05ec75eab295b261
SHA512a76a3745b2e5d0e8befb127fee74716c064fccd32deaec9d2799f89e6ffb57af575197e9c615946ea2ae5473c5e9acf759d20a9f079be8dcfc1ffce3106f2ac3
-
Filesize
2KB
MD5007cd0f289f12dee27824838d6168e33
SHA1acd5441e30fda1a6e1ce010fe8fc899e45d6e8fc
SHA2561effa0915b5c0338fe8e41ed3fcaebba79611594df9805e68c45ea16a635cdba
SHA512651ea81a05d4da2cafcf615f6283c4cca3d0a05fc1f8e33a976f2838080847204249c91f7dfff2009b2eac0623819fe89df3579a68f29932624451573c588a1e
-
Filesize
1KB
MD54b7dc015a250692c20f2d76c42e7c44a
SHA1cb2ad935465d29aba916a7af1c73ecb0d8d689f9
SHA256016cf8d97b837766acfa1636531631f4360787a1510322a5bd25fda5bf3f7e94
SHA51267252980bd719a13113139cf9ec14b91aab6e5de78831acc4a98908913c78962dc04fda96c635bef3466c4698f0afa8ba9f4f6de1aa20744935b0b7bd02d8f88
-
Filesize
4KB
MD5055e60aebc0fc8653ca875a4bfdcca69
SHA1668fe1e21828a45aea9d4f7cb9126f2ddd3b6e0f
SHA256a7b52d2ec9fb2a5dead329a569e5174a8a148d5a8df31077ffe2fc607fcd3817
SHA512044cd5bd95e8c7aa8823cf66489a17d67cb2cf55a7db17d14b12fa18779d2e941aa4b789c2c735402d2dcd386823edd25f02ea53ddb510cbaf52708a59a5a8f4
-
Filesize
264KB
MD5c5bccd78fa0abd338e3dced71bbe2d9d
SHA105d448778e942c2cf8c956aada2eb65b31f4da80
SHA2560683ca4d0830ec7499d37bc53bd198ea934a83842fc9b7d391559ffe9e656057
SHA512bd128bcbd6810c00d2c6a09a4e3240cb63d8bb5fbc0176536e689d9ca40a6c0f2f7da8c421db5c132636982250c209c415706fde82af69d1f9dc65df645981d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
27KB
MD5e666a61d54a98c071cdd23b94289ae7a
SHA17fc1738ff1cd8cd67015a68d917af28b6af90d09
SHA256a5f45bacf75b23b52442fcd01248e71d73c6c135bac83c95788681e0b70c4dfe
SHA5125dff9c0492b4fd6bb9481e0d500f78e0e5624a15be3214012a580febc8bb04580e18fd45d98d601b0d29d137c71d1a1264ae7942d645263db92ca17d37c1edde
-
Filesize
26KB
MD5fd6a92ba7983f3a7f51062729298c738
SHA11ac13d1fefdd1fd98af1207f8784137ceadd8d4c
SHA256706aef31f11b441093965e4e12d48970ebb0aa7066d4aa1ba549781ec21c8d7e
SHA512a90319ccbaf249bc76c6a4bc2674d04f3b3cf36856a7a2f0bada1a29b5b7a70f1542c616d9a8e9117bebc3a8265a355530b8f25340e72bcc4122a58eb49e15bb
-
Filesize
6KB
MD5c808e25e170bbe6cccc11012b3b94f84
SHA1b8961867a45205772824abfca49165dd4bc4f5a7
SHA2560fb264a6e1bbd19678e1e4515cbcbbe9b1fb6917ea8da2ac536b5d9d8d5cf703
SHA512344f7f9655902faebad211f06b98025a3268af6b02b56c9381691badf7e6e340df75a76e8c6b46d8c9c189410a5c7e74245dccc93f22498b7a514cb34b246553
-
Filesize
9KB
MD5ba5fbb1bf7b39a68d41ecd9c02608121
SHA115ac18240ebd0cc770c5b7141b21540224661bae
SHA256e3bb68bcce405fbd0478db15cc6a82efe52205167cc4e9dadb950e6bbf8648ef
SHA51240a71cb35be4a72201352474445ece30c72295d2deb000c3c3171797d5037acecd780b9b00c5556270fa43863ae774c593733a70a4b7a2a022d2d2d31542e119
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD5b898bb7a625284b082be10d0b53ffd10
SHA123f365670643340a70e00e86a454b5afdbf9bc2b
SHA25677d27453053ea280df16f8eb5c775b5dd88b39426b48ba433c447ca16ad87151
SHA5128bcd49dc0427e3792e7a7ee51159c0da88b39c84785f49779d586eceb877bf1f445c7b9cfcca56d35190a93b85b8215fc2cb3936d997795c7eaa917c270ad7dc
-
Filesize
1KB
MD512c4bef09660f9ceaf5bc56b28ef619f
SHA12a71181218257cf02e4a20384dcd799f979d0110
SHA25611690c9d6b28d2195cade15cc11ad7c271d876b8e6dcc359e49ffb6790ca6fe6
SHA51264b30e1fee8193942f769c029bd357f3083a27e4c8c5827945bf061fcae32a18cb6ee5385a2d3dadf1de8c3773dabb0b41fe97e922fe9c00af7816b076a216b3
-
Filesize
1KB
MD52959e30e6277aa702a153ffd780ca297
SHA1f88ea29319d62513dcef0cbf7efe9594ee5c498a
SHA2563f8188ac6d87cda82e44bdc2e75e2628de32d065e25ea5831b88c2f56c844870
SHA51291b62ee161f8ab8e2a9157182b7f3fba3f892d49de4ed00a34800de4c88d00645a5ef4e28366c6fe3c4ae64127789efba9fb53556c80c578fe58075239afe24c
-
Filesize
2KB
MD517964f6d4307040adbc1092902ab79b1
SHA1bd6f796f1bef74e32d55f23425620943a18dd2e3
SHA2568a7f546ec0e8e74b52f85aa9478f75b969a9eb3a855f52128c4d311e69fea733
SHA512837cd47d9443fc3abdeb63ebf34a0e87178b65becbb92c14549074ed061d8bdae0a62d965f3e3732101c480234de92562bbc1a37161e133bbcfa417c51784793
-
Filesize
2KB
MD56c92b6ac1d47ae54dadff4a6438e5b8d
SHA10216f3898ac6cc71c3752e31069fdc685134bc04
SHA256703ec75b5d5c229ee95d479693f0d415b38eb1b02e7fea5fb57dfc2ef2da75ac
SHA51242648ad95749853c34fa444fc100d86745cae76db14f4b99182439e7172aa7741a43b7f817dde58c04b283028d83c09ede7850ef5748fa7ab2fd8e08461a2449
-
Filesize
3KB
MD583484106ecd155a51965c835630a36da
SHA1a84888dd940556540284cf6b2c6cd365fd1f23a9
SHA256daa23ba3271aa41eb3dbb852d1270467103801bb53a5b6679c90758c5bd1d361
SHA512e0fe8883ccf7a365723e198891cd39ddc84fc77670e4a47b4ff18f5c97fe4b026277a69009898590e965d8d4e2182cc5d7e0b8f7e85d3b8e6bf57026da014909
-
Filesize
356B
MD5914ae65dd1b50ab60c8bf65997620eca
SHA1fa189ed05d6a33d8de8e3eea7f39143af883056f
SHA25676ffbbde2d69d42cfdf8e7025d72893af2f0a39444b9192d3e159772ac76738b
SHA512f5784e70bb2f8625bcd642c00fe8e4b857d7af117805e8a14f2d5e9061221b1038da41d7261d465498042b493efb65e40d29de50f01c3506ce1ce0fc60b8c69e
-
Filesize
8KB
MD52660b06daed52cf5544da9610ac067ac
SHA1c96b0064136b36233400a68a390d742dc26c01ac
SHA256c157f23fe13b657541b3509c2bc3d80489bcffc001186d28ed184ed1ae2d3f65
SHA5126c0dc04ccbff995e43a3c6df8b7831bf99bba7d54cef7f442d70358291ccb2f7e4486ed624c18d7fe420017f4c6597db2797338a5af6828e95e9a06fd668bb6c
-
Filesize
8KB
MD5ea46ada6892c8028cc98487d7911dc4b
SHA1fcbcb7b0103f34e23051abdcc44f1ddd9f5e74fc
SHA2567bb2d47ee038094e0e4c5d539ea8139b262a572fe3f307968f7e2fc6546a04bb
SHA512ab164686d95d93f5092b0edc347240f1ef1cf1915fe38ff9c7bc8a0f051c93282b1eac88053725babe22ab737b59444e266e628aba961f3dc663b68e2a5ed6b0
-
Filesize
1KB
MD5193aabbaccef39cecf117efaeffc2458
SHA116246e8cc85b25bf81524a2478ed7a412bf5221f
SHA256bc9bd3072dde9ad8ec1cd1a6c8115b72dcb2dd9fdc2fe2b6ba9a339a249acb40
SHA5129c42677c5e1187fd55885e4e14d0301c07c7da5f1aeab4099b10e97df5b7aacc259ccaa4635c4b600074507bacf38570c26fcf717d3d34480b791b873ad4e29f
-
Filesize
1KB
MD54227c8705498a98724faa6849599515f
SHA1c62d298a813abbf810ec815d00459d42eb8c9198
SHA25677a0218ae24cf18f6b80ad1e1a13f6b34ada27636d417f7953166bc980ad6d8e
SHA5127394814af8291d66e298a61e1de3921122e7ce75716f8ba69e6372a13bd9771a207ca37c1958c2c1b9fbf3a16d64972207f4cc97d1b1d31d6fd69ede2fd66b3f
-
Filesize
8KB
MD5c9bc8ae124d243fa71df26904976047f
SHA1de73d6522df24b6092ec3da1d45504bab0bf2171
SHA256474f9fe1ed5e0102f69eded8e9150dbceb2b620878666382515ff5e3bdae48b2
SHA51241530f2cc96e9e9f4891f0e4bfbab1cd4d1949d90abb5082fe0f9b95e9fb5771c2f368541490360390bde6b6ca9a1b9fbba6a8d56c7a07863d57fc36f7cfebf8
-
Filesize
8KB
MD5a1593751639fceed8b067e10685c64f5
SHA168f831dc4e24171f973f8ec2799304b427094dd7
SHA2560d3522910d96ac86a7456885ff20230df8726908fa1298a4ec6eefcd39a95599
SHA512f1429990fb87f86ce382607637c77c35e77d1ff1d84d7a09beeabfce673a5f17fb626888ef452494a16d3a09ce11816beca2a5e0315901bea45e6aeadd1e767a
-
Filesize
8KB
MD5aeb02be8f4185b9d8e049ef24883628f
SHA141cbeb718ea37d6b4e079b3aef3ca6023bccefba
SHA25677eb4c71242197c13407362731b88cb7b4b86eae1cd7503937b255e1439d0ff3
SHA512ee6f56aa6253b2939c2700505ffd2edec9cbbad111359d16e60da170486f573eb1eae3a4daa4b6ab3fe0ac12a4b23ef766338cdefea7aa18887e71625921a6eb
-
Filesize
8KB
MD5ee0654d7e6eacf8b0475e83af68d88ec
SHA1df4de4d80879c320fc66ac657d53bb876fcd65dd
SHA256004b8d4df4b56d8c0c4fa84644608cf3596a38b009956611ffb3176851b820c0
SHA5124fb69dbeb0b2ce81bbd6162cb398d8c1d599da1cc28690edc6268379b05811d7c9ae7717c688783554dccaef6ceabf99fd9a7a4f6e5a180355a9151cf2c6a100
-
Filesize
8KB
MD5be0fbb5d0f6e3b596220a36b644dca23
SHA199d78610072c32a8565afa3da985bcd389fa260e
SHA2561eb4002b0b157c96ba4b0f0f981e958a5a6a7115d1e841489d065a3245120880
SHA512ff1b012d7e2dcf769c0eb96d9259dd909179ebec0a715a6934d17c84d993dde32d51d7b7b737675bcb730c315945b0ef93e6069b73706e573431636c81a846c0
-
Filesize
8KB
MD5d0f4a46c6084cf76ef7ed814455ebbec
SHA1c4746be053160e42db8e37fcf47771331c421f46
SHA2562f6ce28284964e3c0659611e33ba0148dc9cdb52f956619032cbc451b925d3d5
SHA5123e9b10b86fc1322d938d8370c8a12db82262b12a70a4729317ee120128e363342e396ac98c509ba13c8b2ea80044090ab00742ccd50abc6b1ba6085251aecf7b
-
Filesize
9KB
MD59dd304eb94852020297044b0d007866f
SHA1d2c4e4961bcd3930a4471c5f8c8bf1282005a26c
SHA256565feb2bc13fbf14c63ff833f1f1886a08b021e4ee1e38873b6af4199ae40b02
SHA51230679d61901e01828a945b4e7b72b30e48fe506e65432976e34e6189fb7b1bf1aad7034fe70152c25ca8d1b524a05c6828451087daa871b30ed779267724dc05
-
Filesize
8KB
MD5c2f7f6691a8d51a58787bbda2a0e01a8
SHA11b78bf49a68d38c4f3ef7aff600f259e850f7338
SHA256e6febcbf236e87232b9ed9d2529409991cc22d0d17e5f5d08ed7ee621dd5c287
SHA512b00f016794c993e758a32ae49be712cfd03bf01e3df622400779b14fe8978fd21557a2e7c793924146fca815e0dbdbf92a556109c8e5272919b8926827ba45d3
-
Filesize
7KB
MD51d5c03e64f0cade73e88c0bb9a39f4d7
SHA18efbe2fef702508d4f85d15a291af4b26053ea8a
SHA256a296e25e3303093192cbe7bf22a3a009bd5a3207efaa29192a13f698bb7b4644
SHA512af06e196b2dffea6feee50d82246764fec30779d8dcbb28320aa97af9f8fd452e2666313420c67c4d167b0097f24580f256138ee430a1f44630799c0dd0a0eef
-
Filesize
9KB
MD5f19e4a86ff0f1c80724d1c4840ce4dbf
SHA1e0624cc463e471e78da4ca2dc1b8d2c78f52a263
SHA256562c3f1a0fe181f510604db49601858152d2bd145571e009e661d60ba33f62e9
SHA512061577df877c436b3b1acfc51024e25cbc127ca6b18872d0623ff4ac8797a499924b03e45b1dd9e4beccba6bb505072128e3e853fb611d440ac5bfe961947fa6
-
Filesize
6KB
MD58ad552006876889259dc7854c17f17ad
SHA1bd23c57728764fcd44aaad2cdad77817abf90df7
SHA256b3e3b61a55d616d20d2e44270f0647b6523a3a6f034a932ed4f158d299bb2744
SHA512720db9b1d8b7bc13dfd3b3dbbe0e0b40386ef2518e267a4f50f2d98a4d07cd800e2cf62465fda5a05f8fa726e11bb8c0862cca1ad17235d88f970a667c340f5e
-
Filesize
8KB
MD5f268a99ee6a65783ea3dea1de562f13d
SHA152e41a70936b86467fdfb0deba8733fe53da822d
SHA256070abdb81722c15d83b5c90bedf43d45266fb944512f104931d55c0cd04d79bd
SHA512f6868f87b9fb144dea7dca5cee1ad45c33c605c88d45a02b7114f7125b7ac74b302d2b8adb450a8509fa409df6ec3daa8dd43964dcddfd0b11be615c3d93105c
-
Filesize
16KB
MD5db8c0c7325ec30492fc4912b2f13cefd
SHA189578805e57040c1f26aee72b61880d643f67353
SHA2561256a7ec2b1c27e4a39bed8d03d5a8a3750eee9970404c797780ffe0e9752065
SHA512545efb3a31c1f23e4c8ef1e4e0c95f762d8cb25e8be162fd8712a9fd0f3d5bc4276ea6d909152d5779f53b776b32a8e5dbabde523171257eed7984f78d6c1508
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD5485fa1e2cb602c69b58fd9b93040d764
SHA1e2eb93ac657604111f74f282174a39242f12ea0f
SHA25693f326662a009b8380d2e9f9ddde7b1a10207d4f30c38a6ffb78f7343bdfa2c1
SHA5129cdb225e505cfbd5b3c5ee6b59f7ba8d1ca507d350e21bc9089f35e88d3721c6d678e44bffcc08afdb58e35576d5773729f6fd4a2df5cdef1d1afeaee5e35dd1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD518b92cfdf2e4c31e9a79891c5f3529aa
SHA1df2eda7f5bd8cd580552b62a9ddbacc9f1af1a62
SHA256b99644c1f62c38007c5c8de0ec4aa1afb3ecc0511a97cd2294aacee66b4f0453
SHA5124d6925def034c6e9942c58ce65a583326c12fa430ffc18e3e72a957f005568baedbe16106beda654a076d2ab365df3ef57aa5cd39a88cd4674a951aaea4576e0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b939.TMP
Filesize120B
MD57cc5c35a88d7e2e76a09764841d7d97b
SHA1c1058f0d3051038c7f981ccf46f648759b6ca0a1
SHA2566f9e02e50d657f5b953c10d2a83c69836129d6af05e6748213e5c877901fd56c
SHA512dc85c9b1f457c9a0d73d68a6b9e3f812c575183437a3a276c67e32b19f93cc04584093154f548d27aa6d800bdf98381b80beb453ad2f3b723d00bdc1ce23207b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD543d4b177ae8e5c7e18fc67fd018d1d58
SHA15feb49251bc9dfa2a3fc3093ea6296822788b0c3
SHA256feed70a370190af7d4d93e8b85e47136db837cb6676ddce36335ef74aa80894e
SHA5126f9453535e2fa658d5763e4850dd0f436d710e234ba03e24fb951a966025e5f6c5f3572a2570ef4f087c198c35cbd793279473c0c476d4ae3c38e745e12ea1a2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a3faa.TMP
Filesize48B
MD59ca0619752cf71840c52fd6b1188fa30
SHA1340dbc89fa510fb6385a2dad874de5bb53277f15
SHA256fa4857bd888dc5518f2f86ed22570cdfa1cc6628a59a069363d9aa7f2bbf42ad
SHA5126b7632e3a465cf2c7eb1eca47ef19f4221c0d60e20bbb67ab551ab53373d572b67bc03659afc7c6d9a9a4f5181d4e4ffc6cc04b01d2a6bb039e70ba104c15226
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d4b48156-4fe4-4284-a5ef-767cba9b35ff.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
260KB
MD5281a742d77fa530adce0812ce6279b29
SHA1e9c60016842da6fd2731b91f9ed7310b18eb0c23
SHA25672f28d859c32c781d286f782d468ff3b3a9b8e792328e1b9bee97b7b37d7d270
SHA5121e6fd59c2709a5cf192b829324d56bc78ed8904bcfa324ca1173ce06cd445280294c9805567793b3b13219f64a52e2227b20076e444d3cd996f0a77d615e3cbb
-
Filesize
135KB
MD5fe0978528b354da19a619084e3644e6e
SHA160d073e9ccd63e94d638e052713aa1d7df3ecdfd
SHA2561106e4000f2d745a1ca316fda9cd2f7dee77f4d25305771b7a6c810146780410
SHA51227736b9a2ffd60fcc59f1fa6d136aedbe5cd3ad7e647e736dd64a3aa6ca0cfb991c8a7e9f72fe814c7b0380fa1cbe05b111006a862a495188adbb886366aaee8
-
Filesize
260KB
MD554facbe7f27dacb99a5088edeaa81fd5
SHA1ba35ae669da14a66d90ecc83dbd368cd55e80ee6
SHA256d5e1110e85618f65f1ed1f5338c319a39c56054dd6e1c97c4599f82dd21b6832
SHA512af709e630c5084b3bc2cdd3660960bbde42d5c520f9d4114ac3d764bf3cf4781cc03a09a601bcb3b119464d445ee85ddfa954baf4cdd8f2f89e796cbaa64b2d2
-
Filesize
135KB
MD57cde7c7b89eb8a00a3a4234262a287ce
SHA1657acaf249de3b7e69f09b7b9a082d8cee20d6cc
SHA256d800344c40fbb48e8d960ba44b857bf382841f52dd492f2b5c2c55006e46900c
SHA512b81a73c5b4fbb0f639ecfa3f0815afeac5f904a5cdaabb82bbeee7cb2e44988509320f2b15d493e33c038b4fa009b85f7abec312e168a90ef70b5b29b14bb89e
-
Filesize
135KB
MD57ae4307919823a258185e13fc34326f8
SHA171e3025304f168be202de581037725595210f480
SHA2562fa4ab259cd22daa9fe8e6ca32bbaff1301d84a870fddef84fa7578636e20b91
SHA512dca089390b0cb63d4d2108a4deb9a8845a9d8712da1d7563761bb54b0372aa7798b2ed8b49686a1090f973cb1dd9202a46f67a50c4f5e43d36373e80cb856135
-
Filesize
135KB
MD5a761794a11b197ed8061349840744f07
SHA18909a6402ee1b8d90515bc236024199a18ebc6e5
SHA2561a7852f1a7aa1c2b3bfc8c2baa63f6e93457c08d932dac7a0f005a44a602a176
SHA5123e446d8f58e0e1397d95410d8a9008c8d5b8a12aa3651bea3d13623e37d33f953f70fce357beb20224554971d8cfdbfd517ae13e62f97345c3fe33e726abb1da
-
Filesize
135KB
MD55691bec5069d10d69bfad3cbad26011a
SHA1a3edd54962e24863ac2247ea39c170ff8d59fe36
SHA256a409458fd2bfc14a51d4d5cc8cfd5da293ef11688b7c7a411a500926627ddf58
SHA512d0066ac96264aecb4b75132319951ba3002f5add105fea95adef4246bb72a2019cf9cdc769fd4a13bda167676cd7e7adea2bd8c8de1f40515050d1d35f61a655
-
Filesize
103KB
MD535986e933e114c8bf8dd34efb501b8c2
SHA1c0a888ba23bf83e27033b694482668969fb03bc6
SHA256c34fdf17c20b6f40cc179e9f75f89e7d6d6b37000c75c66521acbb33a1a9a990
SHA51264d618e4b8c85c9ae39da00dcb042997533abb60dc029a49eb373f73abc5aead6163b2a98d5c5a4155b6c0080efec9ea698fa81cdf14c992386b48417571ad58
-
Filesize
103KB
MD5798776b67ad1b6123b3e4885ff90e3f7
SHA19f0cef61c2c2412c0f890017024f08eb4b9753ef
SHA25668d5d7adc6391c01cca4e72bb126cccfb3a1d749e3b8295c9440019883963b84
SHA512729f2fc5ad9e90129f112877d5e04d70ed3a15059dcd1ade49eb0a39e28347285126361b227c71a5f6002a2d643b0d5eff8615356ab9bbbf69bcf84b8009b751
-
Filesize
104KB
MD5a25964661df8be917fe96bf37a1d97de
SHA1c750d71bb307435f0c794c449b0eed44ceb8b3f4
SHA25665af8b266d1b49c00c9bd7df1458a92fa81f0ad3fe2a69cec03167cfc6bef098
SHA51220209e5aa8bf196eb41db643ecc72f9afa070bb119f6aa7b0acf309b683a05aadded7d4e9af2764c447fe3c5c7e63f9123337ab9f9ac393e16057e1402f3f3c8
-
Filesize
83KB
MD5c73d5ab7edf04f1c37531920ab72b2d5
SHA17466aa937a6ffd076b7aaf55cfe1acc84753db9a
SHA25664efdc4cb2d12a3f37708501195b842eb4a6751fc7939854dd1a5d9eb4b9bd80
SHA512bc7492d102711c04c05ce594d29a37b8d95077b9087865f803d1c0e42bd60a2bbf83c9312ac2781a087f636cb328fc41c8d8184ab7eadfe5e3dc9b834259d7ba
-
Filesize
152B
MD523da8c216a7633c78c347cc80603cd99
SHA1a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA25603dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17
-
Filesize
152B
MD5a8e4bf11ed97b6b312e938ca216cf30e
SHA1ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD53b356bdd425b1ac814b9bd69088c2998
SHA15e3d2e90c8e0aca26f27a9e685b05f3a659611a0
SHA25611ee6e6d895d754703d1ade9f48000c5832f1e356fd459fddf7b7b94392bdab8
SHA51296c30d303f5150a0ef77196ef38cd98afbfc3cf9711edc03c87523731574b02764f2a51fd2901df3a4e7b99134ecfbdbe22362d2cd153da38060baad11bdd971
-
Filesize
1KB
MD584c7316cce8eb1e967a5073fa40e9821
SHA195a3d82a014b432eed52dcbce8ba55159247d6c9
SHA256e9b1b7cbfeeff579f1f458258e792b998df14c17d90ce1f0260197c84e305163
SHA5129b98db6e41d29df8fa7db7ab6b436b39ad5d1054f062542b05d760a71f5b83ca78028d77d7c154457988791c7bbaef8d5870326083ff2917e10a85eb5abf5260
-
Filesize
5KB
MD53c4e3ed1a3bbdf728c7589b2804f397b
SHA1f6731471f8ec81f3bb40eaec84203aab06fe9c63
SHA2567b140aebd30fad4aec2889a8cd6d70b817ca1e8753ea9a148ec3c3a856311238
SHA512896883ae7913cfb2b4db27f389e290bce814e6a272f80c788be7d796ad8311578ab282094e389c5c3eae5b862a0f8ec6f142bd79ec97d1d687578509b12797b0
-
Filesize
6KB
MD5505e2efc8a5a84e903da5d69fe8aef69
SHA1f05ce961ce2f685e1cda519bc779981edb202033
SHA25662ab520145f0e78c3693b71dd5a651d134b14baa62952b2cb450151b59b9e47c
SHA512408200fb132f61909ade1a31138e809c455b59f2f49b7be6ea622163b3a8ea4be4baec9f8ae53744b395aae519737b9036adc37e5ee4ec0210537beef39379d5
-
Filesize
6KB
MD56b84e50f66e85aed79b79140235fdf9a
SHA1a7b48776fb62402b64297d657c40a300dd4a2026
SHA2564d1f2954ea8cd033c1498216852c6c0deefc8c9984bfbd274b940283c145abb9
SHA5125ad4b44b673986a983d6b7a621bcb15a6b39fb65e1f4cb585fa4e7a6aa83330d257e1679fe9f601f01afbdbbf4e16a8b8340a75e1296fe28d815bab982821b01
-
Filesize
1KB
MD5e5217e15c45a582cd1d2aad2c587e122
SHA10ec6d06f919dfae43a62b2764dba1f6fa0624cfc
SHA256a694b95781879c85150e42ea65d8fc13572fc2d8e00f3ba78ac12eef5c508dfa
SHA5129448e7bbae625a42e647c7796acd213be6d0e7f9933e97d2771219662900f752dc56c680b813e341818a6ca1869211e8e2c3a6d05a3265dd1dcff5f81f23e79b
-
Filesize
1KB
MD55663d8b44c7f92f8679b4146fa4c026d
SHA127af72c073627864935ddc7c3d78a74c2649e3b2
SHA256d521f1654792af7ba6cdfe7ecabb4ab8fab6e5b3ac951ce45c0f0c5a680411fe
SHA512e415418563a9fd8f3a34b2001c590c533219e93e647bbc565e820402ffebaf08447c61dcb286a6be6677d63311cdf8ba2d9e0f7afabe12d36f291b9a421fb632
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5bf576f58e62d24388c215b0f1a32d125
SHA14e4658ba70fac22925d5c40005f3e8fae3220294
SHA25699a39081af111d2e1180a16cc8a62fb1dffea91e95c9003e1bb014a1d84d1e28
SHA512c4341c710a2ab1a75699bd35ded207767e7961b3f7d97c6d7f66113b9e3b371c60df9c002a45cf4ec296f77889fed162409cfa57348f8d6af81c509edf2f1d7e
-
Filesize
11KB
MD51b3dae6816a652280146777e40212e4b
SHA171a639c26a8856a9e3ea21e14c2314ddcb7a1db9
SHA2560146ffb73ee0aa1e1491d285e41741a0b2eee7ce306793592bcb4f00a2d8a572
SHA5122cf972f5d743807bd1c95163d7a6c0ce034a92a2f2e61d2d94e112521abea4c051ca13064fcee53669c29e9eef6ca4a0beb90143a5cff385b68bf34fdd320f03
-
Filesize
15KB
MD57ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef
-
Filesize
15KB
MD593216b2f9d66d423b3e1311c0573332d
SHA15efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32
-
Filesize
17KB
MD503b17f0b1c067826b0fcc6746cced2cb
SHA1e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA51267c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2
-
Filesize
78KB
MD53478e24ba1dd52c80a0ff0d43828b6b5
SHA1b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA2564c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA5125c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d
-
Filesize
14KB
MD5e33432b5d6dafb8b58f161cf38b8f177
SHA1d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA2569f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf
-
Filesize
113B
MD538b539a1e4229738e5c196eedb4eb225
SHA1f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA5122ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc
-
Filesize
279B
MD503903fd42ed2ee3cb014f0f3b410bcb4
SHA1762a95240607fe8a304867a46bc2d677f494f5c2
SHA256076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA5128b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857
-
Filesize
15KB
MD5b2e7f40179744c74fded932e829cb12a
SHA1a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA2565bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c
-
Filesize
192B
MD5e50df2a0768f7fc4c3fe8d784564fea3
SHA1d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998
-
Filesize
623KB
MD5e7b2fce869d7964ecb99702aaaeaba8f
SHA1acab7cb37406e52fc8c9b8867453e74803afb1a3
SHA2566c0d6a3c76c4fc213a39c1df9cc3c3fb53d89c4826b070a39cbbe8e37cec2b83
SHA5129c7371adabc96a925472c85f54a2abc1e5dc9ce943a55639a2f87744732629e4928e422e5e53ba71d96396d6e94f6e1383a77376501758a632bfc42a1d1fa978
-
Filesize
324B
MD51b456d88546e29f4f007cd0bf1025703
SHA1e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6
-
Filesize
200KB
MD581234fd9895897b8d1f5e6772a1b38d0
SHA180b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA2562e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA5124c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16
-
Filesize
411KB
MD5f5fd966e29f5c359f78cb61a571d1be4
SHA1a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be
-
Filesize
19KB
MD5206562eed57e938afe21fc6942fa8e59
SHA1779e90fec866c0fd2f47da020651db71c89ec3dd
SHA25627d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45
SHA512275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26
-
Filesize
80KB
MD5c3e6bab4f92ee40b9453821136878993
SHA194493a6b3dfb3135e5775b7d3be227659856fbc4
SHA256de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6
SHA512a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895
-
Filesize
670B
MD526eb04b9e0105a7b121ea9c6601bbf2a
SHA1efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA2567aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA5129df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68
-
Filesize
212B
MD51504b80f2a6f2d3fefc305da54a2a6c2
SHA1432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA2562f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94
-
Filesize
153KB
MD5bfa34feedb3fedcccd95d15a59150d75
SHA1fd29efad01ff5e074d5a8da69e59090f961d8267
SHA256828754dbf8cd2f95e010e31382bd0403c83652a3322552e89fd377d44cfb1b65
SHA512c4b038a14376dbb03f00918c2757d3b71e17024e63789a17c7bcf60bbb09c05628277e39cdc7531922882eef300f51cafb9f61423ada90ae7525707b9c80ce30
-
Filesize
12KB
MD536c81676ada53ceb99e06693108d8cce
SHA1d31fa4aebd584238b3edc4768dd5414494610889
SHA256a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA5121300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c
-
Filesize
11KB
MD5959ea64598b9a3e494c00e8fa793be7e
SHA140f284a3b92c2f04b1038def79579d4b3d066ee0
SHA25603cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA5125e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
-
Filesize
9KB
MD5f7b92b78f1a00a872c8a38f40afa7d65
SHA1872522498f69ad49270190c74cf3af28862057f2
SHA2562bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
SHA5123ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
-
Filesize
3.0MB
MD5939e789eea6c2fd4a0d05ba14bdfd460
SHA1d3fe8af6010831ad4cee56cca1d8e6a36516168e
SHA256453678b49eab43527bd91dc346df6fa8cba2b4ae654c08fc4292de847030608b
SHA512f512e0e83da23ab28171cc345324a0c24bbb15ffb116fae4fd7403069e294b104732f2f1c3134cb50ea2a4dca4c725369e8387e3be8dc53680c6e0dd4f0c14f6
-
Filesize
434KB
MD595f6f6ab9509bc366ab9215defe4251a
SHA1e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b
SHA256a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50
SHA512a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc
-
Filesize
24KB
MD52b7007ed0262ca02ef69d8990815cbeb
SHA12eabe4f755213666dbbbde024a5235ddde02b47f
SHA2560b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
-
Filesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
Filesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
Filesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
Filesize
6KB
MD5ec0504e6b8a11d5aad43b296beeb84b2
SHA191b5ce085130c8c7194d66b2439ec9e1c206497c
SHA2565d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA5123f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
Filesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
Filesize
127KB
MD5745c1fea555115823986ad9bf93a0836
SHA1284f1de75485b6e1489cd2d0725cc611d0930192
SHA2565f66fc9b37f68817f33f24b3e7a274e5231076c5a528e35c4d4eecba26c52cb9
SHA512497ce6c0424006d14a8e2ea4dbf993ab1e089442c5734010aab55ebd4f279d1c4849d03e61dc31063c7a83ed5b2865f7a630a49dd13223f85679b9a8c95aaf1b
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
493B
MD59bfffe1b98a9b22cd5ff6d7beae99fed
SHA1130a1fb1930c0f70c116136f5a01b10b614823d6
SHA256545cef1da512b5dbe04104eda0a4dba2e213df423ce52ad4686825075c4ea022
SHA5127cb54745e92e025e6d490f50678b93bbbbcf52d9a09d0c6394be38d07c83e2642a92ed85dcf4a3f11dd3e5c3affde38f181f215e76ad7f55b220e33d1bbecb23
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
57B
MD56bd81c1c5e4b1a5f315a3f7023551e22
SHA14e8684a6c2b23999c9a631309487151ac489e798
SHA256684c9909843372b10a65ef9a585c1cf2cde1cc7916d27e1725d1a63dfa8204da
SHA51205175e1719a85b1c0a2115b3331b8fa71ef0e8a5874bb345b6014e8ebc73d2262ad48b99c98109db51068d2132bfc1763bc3e13797a6bf1f758bb2f9fb8c109e
-
Filesize
92B
MD5a564e65e4ee50c440659638ac08e4e79
SHA13ddc2e497f0f7ef2606b0124faf19366059e5148
SHA256578f48f05742b670e89d9c851f7195078c89463eacd704af15c124c3de20aa21
SHA5129b598e64d52398ea8b3090231e7c7318bf19a74032fc41671960d6a2b536e3c8740226a71e1ae5202b4ef73fc2b4d71a202e65941c339ade927b5557dd21be17
-
Filesize
1KB
MD5f17c1ff8812b9605edf391c0e302d136
SHA1568071cf109e38cf0b59dadc3e779b5e39a0a3d6
SHA256b2cbaeefc5d7637ccd98514aa6d5196b132efe5f0bdcecd99f683720c19da5d6
SHA5127195e357a22ffed0e0270804aa802b06dab656af644e548f51dfe78af3421b99ea496e550a250d070d34153af6cb7abc755ed96d6273d2358c09d601fb46915e
-
C:\Users\Admin\Downloads\BlueStacksInstaller_5.21.206.1006_native_06b66a5b2de093109f66c0225981074a_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier
Filesize26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
1.9MB
MD5ec801a7d4b72a288ec6c207bb9ff0131
SHA132eec2ae1f9e201516fa7fcdc16c4928f7997561
SHA256b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46
SHA512a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac
-
Filesize
51B
MD5aa9ab927f7bc1bc84ada9519e58f9650
SHA1a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4
SHA2563cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094
SHA512b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c