Analysis
-
max time kernel
599s -
max time network
600s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system -
submitted
20-06-2024 14:34
Static task
static1
Behavioral task
behavioral1
Sample
Screenshot 2024-06-10 10.51.18 AM.png
Resource
win11-20240611-en
Errors
General
-
Target
Screenshot 2024-06-10 10.51.18 AM.png
-
Size
35KB
-
MD5
ef26e5021957eb9cfee4f535b8c575c3
-
SHA1
e58b779c93454db5c6ddd253f833b2dbc515ade9
-
SHA256
599adf86bd62df11577a48b131fa3338cbb035812322e0ef4e96aab18704dbc9
-
SHA512
bb6539fd8564d6aea9f73baf6a238e40423a4b47477c4b6ea7bf3f41f093c4fd2c8aecb571aece061f59151b8a1e5b284df1f54765563d7c6451f8f37eebe77a
-
SSDEEP
768:UE6uIjUHJZQgD423WWemFZUMXqonPflaW+cCtWDWEOZSBxLpSF2ed:UeuYfQClqKP/CtWXOZSlG20
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 8 IoCs
pid Process 5884 netsh.exe 5920 netsh.exe 8132 netsh.exe 8248 netsh.exe 8280 netsh.exe 8328 netsh.exe 5532 netsh.exe 4600 netsh.exe -
Executes dropped EXE 44 IoCs
pid Process 1244 BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 1132 BlueStacksInstaller.exe 1916 HD-CheckCpu.exe 2772 HD-CheckCpu.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 8620 BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 5308 Bootstrapper.exe 5208 BlueStacksInstaller.exe 5140 7zr.exe 6704 7zr.exe 6512 HD-ForceGPU.exe 6452 HD-GLCheck.exe 6588 HD-GLCheck.exe 6640 HD-GLCheck.exe 9160 HD-GLCheck.exe 6780 HD-GLCheck.exe 6840 HD-GLCheck.exe 6892 HD-CheckCpu.exe 6944 7zr.exe 6984 HD-GLCheck.exe 2104 HD-GLCheck.exe 2944 BlueStacksServicesSetup.exe 2228 HD-GLCheck.exe 8244 7zr.exe 5124 BlueStacksServices.exe 1220 7zr.exe 6776 7zr.exe 6900 BlueStacksServices.exe 7004 BlueStacksServices.exe 1848 BlueStacksServices.exe 6088 HD-CheckCpu.exe 2032 7zr.exe 5584 BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 5484 BlueStacksInstaller.exe 4752 HD-CheckCpu.exe 6292 HD-CheckCpu.exe 9148 BlueStacksServices.exe 756 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 2788 MEMZ.exe 8724 MEMZ.exe 680 MEMZ.exe 8668 MEMZ.exe -
Loads dropped DLL 64 IoCs
pid Process 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" BlueStacksServices.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 168 discord.com 218 raw.githubusercontent.com 245 raw.githubusercontent.com -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 MEMZ.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\system32\storage.json BlueStacksServices.exe File opened for modification C:\Windows\system32\storage.json BlueStacksServices.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\BlueStacks X\image\now.gg.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qt_it.qm BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\Qt5QmlModels.dll BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Styles\Desktop 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\checkBox\checked_hover.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarRestore.svg BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Click.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\misc\libexport_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\xplugins\SettingPlugin.dll BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\language BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\msvcp140.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\BstkVMMR0_nxt.r0 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\maximize_normal.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\MIM.ico BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\services_discovery\libwindrive_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\brotlidec.dll 7zr.exe File created C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\Result_NoResult.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qt_hu.qm BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\imageformats\qsvg.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libadf_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\dialog\min.svg BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\Search\mini_and.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Templates.2 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\codec\libavcodec_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\Qt5SerialPort.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Calendar.qml 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Private\Control.qml 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\cef\locales\lt.pak BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\SideBar\left_arrow.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\default_img.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\LocalAPK\icon_add_hover.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\Qt5QuickControls2.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_chroma BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\account\config.json BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\close_hover.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarForward_Disable.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\access\libnfs_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png 7zr.exe File created C:\Program Files\BlueStacks_nxt\BstkDD.dll 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\account\now.gg.svg BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\access\libaccess_wasapi_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\access\libidummy_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libinflate_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotiondetect_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\account\Choose_img2.png BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\maximize_normal.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\Qt5Widgets.dll BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\fr.pak BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\hr.pak BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\www\js\flexible.js BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\MyGames\addApk_hover.svg BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\MyGames\next_enable.svg BSX-Setup-5.21.210.1023_nxt.exe File created C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\LinearGradient.qml 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\mux BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\api-ms-win-core-processthreads-l1-1-1.dll BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libantiflicker_plugin.dll BSX-Setup-5.21.210.1023_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe 7zr.exe -
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
pid Process 8276 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 24 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 BlueStacksInstaller.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString BlueStacksInstaller.exe -
Enumerates processes with tasklist 1 TTPs 64 IoCs
pid Process 1788 tasklist.exe 2292 tasklist.exe 6588 tasklist.exe 3600 tasklist.exe 2864 tasklist.exe 7204 tasklist.exe 5136 tasklist.exe 6196 tasklist.exe 3544 tasklist.exe 9028 tasklist.exe 7576 tasklist.exe 1140 tasklist.exe 4032 tasklist.exe 1048 tasklist.exe 4364 tasklist.exe 7120 tasklist.exe 6276 tasklist.exe 8500 tasklist.exe 9112 tasklist.exe 9176 tasklist.exe 5168 tasklist.exe 1548 tasklist.exe 5264 tasklist.exe 3176 tasklist.exe 8320 tasklist.exe 8556 tasklist.exe 8928 tasklist.exe 8908 tasklist.exe 5788 tasklist.exe 1168 tasklist.exe 4628 tasklist.exe 9208 tasklist.exe 7276 tasklist.exe 5848 tasklist.exe 5128 tasklist.exe 7968 tasklist.exe 6140 tasklist.exe 5624 tasklist.exe 7868 tasklist.exe 8124 tasklist.exe 3824 tasklist.exe 5328 tasklist.exe 7096 tasklist.exe 6208 tasklist.exe 8828 tasklist.exe 5308 tasklist.exe 7640 tasklist.exe 8640 tasklist.exe 2788 tasklist.exe 7568 tasklist.exe 2804 tasklist.exe 6180 tasklist.exe 4092 tasklist.exe 9176 tasklist.exe 1620 tasklist.exe 8116 tasklist.exe 6524 tasklist.exe 732 tasklist.exe 6244 tasklist.exe 8352 tasklist.exe 5196 tasklist.exe 8284 tasklist.exe 5532 tasklist.exe 7264 tasklist.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633676937455490" chrome.exe -
Modifies registry class 19 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\ = "URL:BlueStacksX Protocol Handler" BSX-Setup-5.21.210.1023_nxt.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol BSX-Setup-5.21.210.1023_nxt.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command BSX-Setup-5.21.210.1023_nxt.exe Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell\open\command BlueStacksServices.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell BSX-Setup-5.21.210.1023_nxt.exe Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings BSX-Setup-5.21.210.1023_nxt.exe Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\URL Protocol BlueStacksServices.exe Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell BlueStacksServices.exe Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell\open BlueStacksServices.exe Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\"" BlueStacksServices.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX BSX-Setup-5.21.210.1023_nxt.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ BSX-Setup-5.21.210.1023_nxt.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" BSX-Setup-5.21.210.1023_nxt.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon BSX-Setup-5.21.210.1023_nxt.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" BSX-Setup-5.21.210.1023_nxt.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ BSX-Setup-5.21.210.1023_nxt.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open BSX-Setup-5.21.210.1023_nxt.exe Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs BlueStacksServices.exe Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\bstsrvs\ = "URL:bstsrvs" BlueStacksServices.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier chrome.exe File opened for modification C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier chrome.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3264 chrome.exe 3264 chrome.exe 2208 chrome.exe 2208 chrome.exe 1132 BlueStacksInstaller.exe 1132 BlueStacksInstaller.exe 1132 BlueStacksInstaller.exe 1132 BlueStacksInstaller.exe 1132 BlueStacksInstaller.exe 1132 BlueStacksInstaller.exe 1132 BlueStacksInstaller.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 4536 BSX-Setup-5.21.210.1023_nxt.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5308 Bootstrapper.exe 5208 BlueStacksInstaller.exe 5208 BlueStacksInstaller.exe 5208 BlueStacksInstaller.exe 5208 BlueStacksInstaller.exe 5208 BlueStacksInstaller.exe 5208 BlueStacksInstaller.exe 5208 BlueStacksInstaller.exe 2944 BlueStacksServicesSetup.exe 2944 BlueStacksServicesSetup.exe 2864 tasklist.exe 2864 tasklist.exe 5484 BlueStacksInstaller.exe 5484 BlueStacksInstaller.exe 5484 BlueStacksInstaller.exe 5484 BlueStacksInstaller.exe 5484 BlueStacksInstaller.exe 5484 BlueStacksInstaller.exe 5484 BlueStacksInstaller.exe 9148 BlueStacksServices.exe 9148 BlueStacksServices.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe 2736 MEMZ.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 652 Process not Found -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
pid Process 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe Token: SeShutdownPrivilege 3264 chrome.exe Token: SeCreatePagefilePrivilege 3264 chrome.exe -
Suspicious use of FindShellTrayWindow 44 IoCs
pid Process 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe 3264 chrome.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 6780 HD-GLCheck.exe 2104 HD-GLCheck.exe 3424 MiniSearchHost.exe 8724 MEMZ.exe 4768 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2736 MEMZ.exe 4768 MEMZ.exe 8724 MEMZ.exe 8724 MEMZ.exe 4768 MEMZ.exe 2736 MEMZ.exe 2788 MEMZ.exe 2788 MEMZ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3264 wrote to memory of 3400 3264 chrome.exe 85 PID 3264 wrote to memory of 3400 3264 chrome.exe 85 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3420 3264 chrome.exe 86 PID 3264 wrote to memory of 3444 3264 chrome.exe 87 PID 3264 wrote to memory of 3444 3264 chrome.exe 87 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88 PID 3264 wrote to memory of 388 3264 chrome.exe 88
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-06-10 10.51.18 AM.png"1⤵PID:2268
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc586dab58,0x7ffc586dab68,0x7ffc586dab782⤵PID:3400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:22⤵PID:3420
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:3444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:4584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:2756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3432 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:3132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:864
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:1612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:2536
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:2020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:3028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3800 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:3016
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3168 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:4152
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3316 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:2172
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:2716
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=868 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:2928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4856 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:2440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4148 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3260 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:5040
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1484 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:4560
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:3080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:3168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:5028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵
- NTFS ADS
PID:1132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:3312
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:4508
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:4836
-
-
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"2⤵
- Executes dropped EXE
PID:1244 -
C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\BlueStacksInstaller.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1132 -
C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe" --cmd checkHypervEnabled4⤵
- Executes dropped EXE
PID:1916
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zSCD4DECBA\HD-CheckCpu.exe" --cmd checkSSE44⤵
- Executes dropped EXE
PID:2772
-
-
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe" -s4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4536 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"5⤵PID:7980
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c green.bat6⤵PID:8084
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="BlueStacksWeb"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:8132
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Cloud Game"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:8248
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:8280
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:8328
-
-
-
-
-
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=865ecc15-deab-4aa4-888d-e85e0b00808f -machineID=f66f478c-5206-41c0-9239-cffffb5adaf2 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.210.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled4⤵
- Executes dropped EXE
PID:8620 -
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\Bootstrapper.exe" -versionMachineID=865ecc15-deab-4aa4-888d-e85e0b00808f -machineID=f66f478c-5206-41c0-9239-cffffb5adaf2 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.210.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5308 -
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\BlueStacksInstaller.exe" -versionMachineID="865ecc15-deab-4aa4-888d-e85e0b00808f" -machineID="f66f478c-5206-41c0-9239-cffffb5adaf2" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.210.1001" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=64ba815394fc55b27f001d51176920bd -app64=6⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5208 -
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\" -aoa7⤵
- Executes dropped EXE
PID:5140
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\" -aoa7⤵
- Executes dropped EXE
PID:6704
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-ForceGPU.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"7⤵
- Executes dropped EXE
PID:6512
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 1 27⤵
- Executes dropped EXE
PID:6452
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 4 27⤵
- Executes dropped EXE
PID:6588
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 2 27⤵
- Executes dropped EXE
PID:6640
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 1 17⤵
- Executes dropped EXE
PID:9160
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 4 17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6780
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe" 2 17⤵
- Executes dropped EXE
PID:6840
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe" --cmd checkSSE47⤵
- Executes dropped EXE
PID:6892
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:6944
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\\HD-GLCheck.exe" 27⤵
- Executes dropped EXE
PID:6984
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\\HD-GLCheck.exe" 37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\\HD-GLCheck.exe" 17⤵
- Executes dropped EXE
PID:2228
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:8244
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
PID:1220
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" x "C:\ProgramData\Pie64_5.21.210.1023.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa7⤵
- Executes dropped EXE
PID:6776
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:5532
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:4600
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:5884
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:5920
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\HD-CheckCpu.exe" --cmd checkSSE37⤵
- Executes dropped EXE
PID:6088
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"7⤵PID:6228
-
C:\Windows\system32\sc.exesc.exe delete BlueStacksDrv_nxt8⤵
- Launches sc.exe
PID:8276
-
-
-
C:\Windows\SYSTEM32\reg.exe"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\2mbdfvbn.l15\RegHKLM.txt"7⤵PID:4004
-
-
C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSCA180D1C\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\2mbdfvbn.l15\*"7⤵
- Executes dropped EXE
PID:2032
-
-
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5656 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:6280
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:6460
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:6824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:6872
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:1136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4500 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:1876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3188 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:8348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:8484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5532 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:6784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4428 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:7072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:4024
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:9156
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3244 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:2688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=3272 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:3244
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3280 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:12⤵PID:7352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:7104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:2772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵
- NTFS ADS
PID:6836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:8444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,13346303927946713930,1378646655158669125,131072 /prefetch:82⤵PID:888
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"2⤵
- Executes dropped EXE
PID:756 -
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2736
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4768
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:8724
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
PID:680
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /main3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:8668 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵PID:8700
-
-
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1900
-
C:\ProgramData\BlueStacksServicesSetup.exe"C:\ProgramData\BlueStacksServicesSetup.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2944 -
C:\Windows\SysWOW64\cmd.execmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"2⤵PID:1628
-
C:\Windows\SysWOW64\tasklist.exetasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
PID:2864
-
-
C:\Windows\SysWOW64\find.exefind "BlueStacksServices.exe"3⤵PID:704
-
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
PID:5124 -
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
PID:6900
-
-
C:\Windows\system32\cscript.execscript.exe2⤵PID:4328
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1972 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵
- Executes dropped EXE
PID:7004
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices2⤵PID:6868
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices2⤵PID:428
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A2⤵PID:1616
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A2⤵PID:7192
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:3316
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2616 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Executes dropped EXE
PID:1848
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8728
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:9028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8856
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9208
-
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:8776
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6716
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6696
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:2788
-
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt2⤵PID:2360
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4992
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5860
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6044
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2596
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6128
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3916
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1684
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7548
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3984
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8256
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:1048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4696
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8284
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8184
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8608
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2512
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:572
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8928
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6128
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6776
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5532
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5696
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9092
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7672
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3336
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7600
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7612
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7896
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4472
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7868
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1652
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2344
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8108
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8144
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2068
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:3824
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8848
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3372
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5312
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6220
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5256
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5804
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4992
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5812
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5052
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:4364
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8664
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5196
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6688
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:976
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4092
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:1416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2064
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:6524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6636
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:3176
-
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 --field-trial-handle=1716,i,17960547415732361577,6214123347753863890,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:9148
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7100
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:868
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7832
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8036
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3440
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8320
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8604
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5620
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:9176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8612
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:4032
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5732
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9188
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5240
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8352
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8652
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8756
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5216
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5828
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9160
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6588
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5888
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5900
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5148
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:6140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5892
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5988
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5692
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2352
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:2804
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4364
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6780
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6320
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6368
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6440
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4792
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:6208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6488
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6180
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4464
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:3600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8460
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:4092
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7056
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:4328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3588
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6072
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1936
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1868
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7640
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7644
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7752
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:3544
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1140
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7884
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:1788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4808
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8236
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:1168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8260
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1432
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7972
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4972
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1548
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2056
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:2292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8092
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:1752
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8868
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9204
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5220
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:4628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7520
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8640
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8352
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5000
-
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:3424
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5328
-
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"1⤵
- Executes dropped EXE
PID:5584 -
C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\BlueStacksInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5484 -
C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe" --cmd checkHypervEnabled3⤵
- Executes dropped EXE
PID:4752
-
-
C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS0D57680E\HD-CheckCpu.exe" --cmd checkSSE43⤵
- Executes dropped EXE
PID:6292
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
477KB
MD531619556ed6d5ca481cfcc3b8a5b6a80
SHA161fbb30965a5b11b6d8d26e85f0aab14868fc97b
SHA256d19ed921fe898222fc2bf4260820d58315ef30f178e87bafffd41b9602b791e4
SHA5121a5725d88a8005a62cb2c229235752b63698323e7c5facb564d62c7b6e09188d75935c319b91c0e82e40eb6118d7fa9bcf048065f485b7e61e47523447bc06d9
-
Filesize
569B
MD5e7fdf6a9c8cae1fc1108dc5a803a1905
SHA12853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA2568ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9
-
Filesize
653B
MD576166804e6ce35e8a0c92917b8abc071
SHA18bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA2561bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA51293c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005
-
Filesize
569B
MD53221ac69d7facd8aa90ffa15aea991b0
SHA1e0571f30f4708ec78addc726a743679ca0f05e45
SHA25692aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA5125e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328
-
Filesize
653B
MD5dfddf8d0788988c3e48fcbfb2a76cd20
SHA1463bb61f0012289e860c32f1885a3a8f57467f2e
SHA2569585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca
-
Filesize
812KB
MD5fbaba140f30a11e5ff4f97d921de6d45
SHA1d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA2564889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5
-
Filesize
538B
MD5ce144d2aab3bf213af693d4e18f87a59
SHA1df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA5120f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe
-
Filesize
412B
MD5ea22933e94c7ab813b639627f2b38286
SHA1c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964
-
Filesize
15KB
MD56db7460b73a6641c7621d0a6203a0a90
SHA1d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852
-
Filesize
15KB
MD55ceab43aa527bc146f9453a1586ddf03
SHA188ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA2567c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA5128a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e
-
Filesize
9KB
MD57a2e5c21140aa8269c2aafd207f5dbaa
SHA14e0d9e7e1b09e67eba10100d73dc51623517821e
SHA2563d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA51263f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde
-
Filesize
176B
MD562d7f14c26608f8392537d68f43dece1
SHA1add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4
-
Filesize
392B
MD5ca0a329097316832e4a6ea5d870c9268
SHA14a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA2564b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA51251f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271
-
Filesize
169KB
MD569457c9a9974ab32264fed54bceb4b1f
SHA17b00b9860fbb9fde7edaf6cb35a7070f79554dec
SHA256115ca4c71da3c6f6cdf74247fedec9830b7e9490ec6358d77a301be27bf69e5e
SHA512ccfc6597b2a34923f9f2162a4ab743d56486d169802772dd8ca87dad9c1e04d75330a960eac380e5af5e1db9a9e44b66221df1f583b0425dd4a91d0fea1d71dd
-
Filesize
223KB
MD54be4afddacc41422970834d7a0d4d1d7
SHA182ffe2b1d535f2550ab63cbab450a6a3b6b034f5
SHA25624552a2080acfe8022dcb0afbe73896a4b781bfa49007e2fa6022f368265565e
SHA512228b79f571b459f7a968e79db2d2c78da103db5956f19d7e13e167bd3a4783d8f967dd055df73076e362194be67a2bdd25dd4af99e22d59ab451c5c767c2572a
-
Filesize
131KB
MD5169706218f98a42594a8c5c5a65771fe
SHA1b8ded94180212578d86a031eb71ef93dcffe1a26
SHA2563803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA5121c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448
-
Filesize
10.0MB
MD503205e5952ea7b803839ecfe3bb000d6
SHA174146e76e31fd1e75ae1c34fa8194bc291b34a40
SHA2568364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3
SHA512badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192
-
Filesize
2.4MB
MD5aed2766cd70116ab1e0c430001a30b8f
SHA1a06c62b35c333412dd61c493d6a6520a8c04537c
SHA2564ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389
SHA512a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961
-
Filesize
191KB
MD58615f18dea34c152e8aeb8f4e01fd17b
SHA1032b7bab09943cc5c8a380b0aba29652d5539153
SHA256e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6
SHA5122a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248
-
Filesize
250KB
MD5de5e6a97c80d698256369b10255ce45d
SHA18d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc
SHA256669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13
SHA5125609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206
-
Filesize
420KB
MD52a8ca8692a60fe8d33d51d99c9084a9d
SHA1919d8adacce240fd394d6faf2aa41d2e5b8460ec
SHA25673f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44
SHA512080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea
-
Filesize
441KB
MD5143ffa8ca3ac0e6dca9a8b3e8ba3f3f5
SHA16186940350b3fdd936f6ce41f3091bbca397e9a2
SHA2563f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2
SHA512a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e
-
Filesize
475KB
MD5154217351d415b13dca71e28727902c4
SHA1096a1640b5e83a7b20afdfa7cfe2507b4128e0a5
SHA256da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf
SHA512f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb
-
Filesize
624KB
MD5304432105fbe28b1625f0d7b6be3e7bf
SHA12d5474854bc0bca3f3ead1b9199d76ef533f0850
SHA256ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e
SHA5128ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8
-
Filesize
294KB
MD5a2c61a98fe7407ded9ece126c4c9d057
SHA1c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69
SHA2564d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8
SHA5127522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c
-
Filesize
303KB
MD5c0bb82986abc67281d8067e5f20625c7
SHA1e7cc8888dd95d9edf226893f0e4c12e572bf6bf8
SHA256217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50
SHA51280f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9
-
Filesize
271KB
MD55eba7377be8e34dd03db766300039ed2
SHA1b3460fa050b93454b9e05586d86d7cf67881f557
SHA25694157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94
SHA5127d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385
-
Filesize
292KB
MD501cc5b8a05a435482dc692baef032d3a
SHA1229a4d1c9aea9111bb46895d096dfcaf488b8d4a
SHA25653d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835
SHA512082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488
-
Filesize
522KB
MD526afc001a706679413f5deaa3c6603e4
SHA1c9d780d930775cfc17cf9160712a2e90ca55106e
SHA2564c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc
SHA512743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1
-
Filesize
239KB
MD506da37b66f4dbbe8c5ae1bd7e4addc99
SHA1ac190bbb14b76d14143dcc088f460d1be2ba2886
SHA25660f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0
SHA512c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e
-
Filesize
242KB
MD51e958f35257ef1e2e5115d860602a593
SHA1688afb781ce3c4c9a55fee9696145260d2ce1400
SHA2564a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37
SHA512a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27
-
Filesize
289KB
MD5f21b0783d062082ee46aa573eff68df0
SHA184f62d15eb68858245e56bef0cf317e273918044
SHA256859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe
SHA512d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b
-
Filesize
293KB
MD503265b1a7f6a996513067866d55f3bcb
SHA1427eecd7810cf24c8758dc9beae18afc9d8969a0
SHA256516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da
SHA512d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc
-
Filesize
261KB
MD573e6f20f0c75a9beb72798167f8c6f91
SHA1d01932a69626d23e8ce9e9bc240f6d99dd155fb4
SHA256ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf
SHA51298966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db
-
Filesize
422KB
MD5f913ea1db8c9c99bff701ceeaf8138f3
SHA16bef3ff865b3a95dc1900ba3c94c5bf556c695a1
SHA256b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c
SHA512edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5
-
Filesize
269KB
MD5f55358f58eb17b4bc6abb19592c1aba7
SHA16dc1d99757bc5a447b9761a4a0c90a2be521c6b0
SHA256cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1
SHA512d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab
-
Filesize
301KB
MD5f5257136ed900e1715979c9a96de292d
SHA1217cbe02931f6466bdbdb27c85c876b851610b23
SHA25698a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90
SHA512c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654
-
Filesize
318KB
MD575575474726cc8d98def90e0dbddcb0f
SHA13e62e3b73bab73597a01c3ece5871c64b142391f
SHA256d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94
SHA51237e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0
-
Filesize
596KB
MD5e245057bea15117bed15bc3ee2911d74
SHA1c8e2d5f85a974fa989c0d0f64121d2836a13bb84
SHA2564ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5
SHA512a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f
-
Filesize
368KB
MD58c02d30c68c4abb4b1a7c2493d8fde51
SHA12cbe2f537d59971296f2180d146d9c2905d2a76f
SHA256e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a
SHA5129155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6
-
Filesize
618KB
MD561838bdf13a1d60545d15e9cc49866be
SHA164bec7fe42caf53f192b58e4e5b068e56d835cec
SHA2569a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1
SHA5127e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf
-
Filesize
290KB
MD5a621446d9e94b0d47935bf3310c385b5
SHA15cb954846bd2a2c477cb28b99545cd9bc0fbe990
SHA25693f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842
SHA51280c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37
-
Filesize
312KB
MD53c70ba470c8503cae9407540d070f506
SHA10b841228d28e8605c37df79f1a3714402d2b18df
SHA2560770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e
SHA512ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1
-
Filesize
259KB
MD5fc2cd7f4af1976579f6b0eae3ab2d874
SHA1c4e434b9d0d95a505947c97d396b05c9a18f3983
SHA25648b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef
SHA5129e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535
-
Filesize
285KB
MD556c13472d7efdb4466d5189af2d06ce6
SHA184025c148e10e1885125893dd286d0f9e751e101
SHA2567114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4
SHA512fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8
-
Filesize
351KB
MD59705a8fcead214aa619f1be816135ea0
SHA1f10d22cdbf5d7960aeaa13c98cf8f7de41034760
SHA256c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320
SHA5126d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af
-
Filesize
693KB
MD52e9a1e91aa149308dde43e0b357e1c8a
SHA1d657811a3b3dabe519fb7b5fad46977674234f51
SHA2562a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1
SHA512d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b
-
Filesize
296KB
MD52a0bc83152bfbc0f365d3a85fd1e1832
SHA19b972a8e823ff6f161ca2aadac11043b054b3146
SHA256ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f
SHA5122c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088
-
Filesize
313KB
MD57769b6273b1519ea1a8ac9f059e78c93
SHA16d8807f4af484041bac83d5d8873d639d5f07d0e
SHA256e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a
SHA5129c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae
-
Filesize
310KB
MD517b9ff8c299fff962e9b9bc0d5f2f15b
SHA16224d9bf81c4771033e14477da0a652336326036
SHA2567e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0
SHA5128bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963
-
Filesize
728KB
MD5df01088842b8c05568fce402a69bb595
SHA14b97c244ee85efb9c35b69f65f64d9cfcb2d25aa
SHA2569f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579
SHA512b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125
-
Filesize
584KB
MD5f40f6817a07049b8589310b7dba04534
SHA193afea27adbd165aa1e3261cb67d5ab719ea02db
SHA2565429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3
SHA512450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6
-
Filesize
269KB
MD5901240b9cb3a7a635c2d56d6ff1b3966
SHA1c1fdd4ccf213bf1822696061d64930f47a017cdf
SHA256a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e
SHA5122b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4
-
Filesize
264KB
MD55c901b43287edab65f05464dbad3e301
SHA1d76444677a7eeafdfe0bc27a0ff892f028144d67
SHA2560bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed
SHA51246fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2
-
Filesize
275KB
MD5884f7faf0e79d04c6536506d6f95eab1
SHA139334913aa447b35012a8d7100e7f91e805c7e9d
SHA256b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f
SHA51277a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18
-
Filesize
301KB
MD541ad390a8cc5fbd5b1f352e838b42ce1
SHA19efa8f2e5a0312e83f737929765a86112a874272
SHA256979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0
SHA5121beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01
-
Filesize
285KB
MD54792f1e39c6875d8aa5e911f16ed638d
SHA1c04ecb497096be4173f9aae3f0ae6accc8324156
SHA256a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e
SHA5125fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69
-
Filesize
288KB
MD50db54f0f25ec3a19dff541ba223bd5b4
SHA1dc1f0c9b1c2578490af5923df179a92814c04904
SHA256ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69
SHA51296060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c
-
Filesize
297KB
MD514ee5c1a362e753a5c44b11343430fdb
SHA1b87e4750d5319c5c695f1581feaacdd71abe0cda
SHA256ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1
SHA512ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377
-
Filesize
477KB
MD53d28ef9e25426b08409db5379cfd55e3
SHA125fefc87d6233da5b287dbbf04a63c34cb9c5571
SHA256b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057
SHA512210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995
-
Filesize
308KB
MD5b37b81799942fc174e05b6aac03ea4c3
SHA1788d6d10c82614465628f79bbe1f2346839a582e
SHA256579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319
SHA51231bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44
-
Filesize
294KB
MD54138dc422fc6a5afb1a855ffe0caba32
SHA18b23cb3c91167908e181eb0ce9d730ca5b3179e7
SHA2567904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b
SHA512a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531
-
Filesize
451KB
MD597ef86fc3b66a0a3aa4e1be4555369f0
SHA1bbe68527d0c4c9e6624920d548c0ab0c09dbac88
SHA256d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb
SHA512fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3
-
Filesize
266KB
MD5f2bf46d97477489d80659d0be53d9d05
SHA1a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c
SHA256196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32
SHA512d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348
-
Filesize
273KB
MD5e99bc71c3caeae580ef7060155ddd0ff
SHA1d6986e1fe1dd6c110b05f44f84e956ecac188b97
SHA2564282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8
SHA5126bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0
-
Filesize
703KB
MD548554783d89587fe96d94cc1afb58248
SHA1be0843e27225df82cbb27f017acb7bac27c92c5e
SHA256df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896
SHA5122ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784
-
Filesize
658KB
MD5079fbd6adf806504199dd0b05c87c697
SHA14fec8c3bae9b48f92e35b609fc3977eda5de2039
SHA256ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2
SHA512722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d
-
Filesize
556KB
MD5433dbeabe2d4c70255f1685ece8fb97b
SHA1966c16c364b4f3ae6ccb8c5019c0b6bca75b593e
SHA256dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942
SHA512b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c
-
Filesize
282KB
MD51a505f3f30511c2b05eb29ee0e0bff26
SHA108d4002d32dc5ea8a9476495786f5d5c1bae7ea6
SHA25627627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0
SHA512d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff
-
Filesize
478KB
MD5e21f45d7685b75be483013e1e8dc8237
SHA18f4cdd3dea580d7671117e9c49891212ab950686
SHA256dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3
SHA512b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048
-
Filesize
332KB
MD5561050669f78bd04d0431de3eb98d160
SHA1028a78bbaabe19ac338648ac95a8b944254e8d3d
SHA256922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333
SHA5122df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d
-
Filesize
245KB
MD554415acf2d54c65718c99ed78b4bf3e5
SHA1311937480b01256a1e50d0556df9b4f9f9a46424
SHA2563648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a
SHA5124eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9
-
Filesize
245KB
MD5c709c2e92d4c0a1a2fd30f5350bed636
SHA131c8463300bdfe0238f167451a1adffc4fa899a3
SHA25637a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e
SHA51238f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d
-
Filesize
447B
MD5b09525b48c0023f893d6b64d06add4b1
SHA110ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f
-
Filesize
577B
MD547ff3e4cc15b8c4a07e3ceb6cb619b62
SHA10318e54c613b8ff00f54d843e90ef88310c1a96f
SHA2564786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA5120212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e
-
Filesize
480B
MD522efccf38e15df945962ac85ac3aa3b7
SHA1b94a8615dc92982e1637680446896080f97c2564
SHA2560ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA51241a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee
-
Filesize
25KB
MD57a7d65e41e785a7a848f0b021cc0c0d7
SHA19d61357d9aaec43adb92b95dd63103c566aa2083
SHA256e02e378326e351980325f9cbf4e27327ac03aabf85286e7636c99220da950806
SHA5128f67d2e4ef55abffdc1062997cab7a44cc81e42b16174d88dad41939992903b7a9ce9c7775db10835d30cf4aaecfac7c8d6f2cd1611f17e40d3c66ee0fb928cb
-
Filesize
14KB
MD59fb07e066cc2f213a64d35a97a8c2922
SHA1a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA25665e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA51281680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c
-
Filesize
22KB
MD5a9ce4896a111f0ea2149e25ddfcf27aa
SHA15f242727905a3f30263793e3095fff8fe7a3a0f2
SHA256941d60fe4e4f1a66166e8fe75f885ab1086a4037a4627004e391d7493e3e8911
SHA51205d0f13214d60fc4533652f5b1dc161f3f14c8b194d74e45a34412f97267fd69b7b19f1f647f348ebfbbd2551c4060e36e746a6a79963db7e78cd95c92dc4d3e
-
Filesize
21KB
MD55f5cacda94bb2384f9d6bdece58ac526
SHA1c10f095a312e623b79c42ab7ca3f48130b348d62
SHA2562b698fd5d6f4fd959c4a24b47b02c2e1a9f51a72a66cfab3ed72d8f667d221cd
SHA5121ca9373b2eff0620d02249ab82fe46644f6452db36a2b61334cc258d2e9910200c33543f7794e0bdc69761f5b86aedacca0fe6491293ecd1df2992eaa5aaae99
-
Filesize
22KB
MD56b1fc0b4e861692c83e8f36848e7faad
SHA179e064008b2c2bcc63146664cdf1a63f1d5ab58f
SHA256f5684f68c50b3f8f5c1ce0e1266e003f2099d3ae401c848b2cd30260a998feed
SHA5120a15eded536ea683c4493af1f45f8bcfdc24ae69747386a6747dfb2bd3475f88f4d15d2ac77515eb5ce75b65870f2fe2337bdef0fae5758edd72684683a9180d
-
Filesize
20KB
MD5623b1aacfbaf85b09a4e0c180e9ef178
SHA1e41bfa201d627d093bf446eb39fab268528e5e32
SHA256ce6bf3cbca52a1ae369199ee190272f6842a45e64da9ab6cac8b48842aa099ca
SHA51283b91c326561b725483fa703d7bfc66a3eafc55a25772bb22251bc88869a30bf11c2c5aeabd5a07da8fd7f2d2b93ab2ba47edaf025f8055f6ebf07df99f9b77e
-
Filesize
21KB
MD5ea49ac9605d0ddbff07b0e19d6d34517
SHA1c17fef2467a8973db193de95f7b66e6f511529d5
SHA256408c2ff8977fd6fba4ece99f547182394ab62d22401454344f48ea085707ebbf
SHA512e45a6d19a570f496a30eb2b39991a04743d491ff85b29390e52be2a5e146f7819c2197cd0b0357120a0c5ad9c792059584e6c4fe8f8098ecaf435aad6a44731f
-
Filesize
25KB
MD5da7a6902f658d02dffe24e7b29ae25a8
SHA12942cfd645e7de104aadb45d65976c073dd54a64
SHA2560c28d5d9178465b76fab0f5d736962095ecd333d7b2b1775c31becd38aded023
SHA5121079fc5da14e53157486609ec2faac6c88272c74c2acaa8a02f7cc698cd078f118bbdc9d979a40b183055dfd3104d1792d530b9bdeff4b1d1f12131a7f3253e4
-
Filesize
22KB
MD521af008aed42c6654b0a6eadd1fca98a
SHA19f1dd90654b10a1d56c0b7345de9226deafeac52
SHA2567f9e11fcb9567e432cacc5ec0b399fcbfedcdb0838f21ee84641cc4eb7794155
SHA512da2bcca88b89caff19edfc38cae25fb8aaf1805dc80c28b0e1a51f5de64ce7b5c671bceb2ceb897969906fe80477e47efb9df7cd377d62f8aa3ae9ae1200d440
-
Filesize
21KB
MD51d824987054f6109e386a2af3a2930ff
SHA1f0103827d00e343161463cbb436a751135ab7c68
SHA256a5c2f911ae2e891f152d08203e8e99e78735f09de4b7421fc6cf343987b48e34
SHA512df45abf4e8b24683eb3314478bfa9820caa83799e7d685473ec963bc9f07d72e763eab14a80aaaa7e1e44232223efb43cc6e9ec777c028516e7831694994d8f2
-
Filesize
21KB
MD535c829fe17dd39d16ed9ed9d3c3a423f
SHA1e2f498fb2ebd74647eea70edbe29d49dec3856f0
SHA256a3a3183e5f85ef1d84f386deab1052871fe8ee1cfba2800cd6443459e3609346
SHA5124a9db0e592d62cfec1ddf7fb1a67d2ed9338af50edce9582321d9ca798548cd65c53b810631cd862791c925cae2075a10f3183b02b5851cdb2cb2f54db229698
-
Filesize
29KB
MD5c14b9c7f08c0e2a57ccfee06a7c5a05d
SHA1c630e7233059006b1213807f8dfcb38295dde240
SHA256b61b82dbc223e35f7451fb848978a79703b345c7a7728d60d59fb95171e11969
SHA51215e3fe85a248c065429cfb52b5fa3f454d2440ac39612452974c7fe1fc890316c57a2b6c4137de36b3642276aa6791345e1b41af6628e80c4e7a3c6247dff6d5
-
Filesize
34KB
MD519402422b374354b36b182df60197aba
SHA175b68c2f7f9ef4730f0fe738f9477c543feb46c8
SHA256d1de34e55cdb1a8abf9ad3bdf0c875b8f14825ac25df5526da98ced87588aefb
SHA512c2f6991d15bc870a0998bfa74a939c66131f2d17485b3771e41fe876cee02050ece0c8a25cbca6720254ea8e25542fcab6ad569864a8443b5e3a0e266282490f
-
Filesize
21KB
MD53aeda0b485130bfc9dedff4b8fef1961
SHA1ace8100a277ea0f8e06902d68c1c39061a44fb26
SHA2563c465dcb8fe7197b0862637548d7c383574965666dd8305f5eb617444e9acfc1
SHA512319cad94c82fd188103a0178a4aaa6433d57358a7fc99348522336fdc786946f2b08fd405fd104573d7aeab62248577a7ff6a27ad35cff50790d0eada45440f4
-
Filesize
23KB
MD5fcbbad664f3eb4d57764f73eb0765942
SHA1cfb0601f07f12a78993d701168aa93109fa891c0
SHA256401a8d87d3057dc1b2dae6338c93ad8f5a5f7de628ea2d5fb94ab781f9d1a776
SHA512aa077fa7ddf698ba5e619239025775ce81972af515d82d1211039e0c65e5a30524ced698dcc1b7a1e1c943992ab6ea8fd5d28dbdd5abf57ba0c246360e21f08d
-
Filesize
18KB
MD50d168bc28c89f0fd4bf3b7f2d9c65eda
SHA1733690096aabff107a7b9a8d8a45c7a68aa9335c
SHA2569a5032c277e2af24fc596e1d2f535dd8873530cdf055ef7b9a27b84a1e4bce88
SHA512bb1e632e0c6aef6915ff178e9fb2b71173d1a3a00bfb294b59933e2d84f05642001d4201e42a2cbb7716cb4df039e4acc9ee24f91c784a48521039a2deedcdc1
-
Filesize
18KB
MD535dbabb7d08aae38d44bb326ccd10eea
SHA1193c8df23ae63107227a1faa03658c91635af058
SHA256c5ad750e534b3a1ef73e2b8b8aacdb5f591a72c366583f9ae1ca8138eae5979c
SHA51275aa4b75b3a9d76d0306360c6dbb49b86a7ecf7c88d8f31f28918f5a93d623e578f8e5faeae95c11b82d17f161834f65970088fbd293a12fca9f9322b5fad3af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0257d3da-0a5f-4f7d-a213-701449ad338b.tmp
Filesize7KB
MD592904e56706cfe624206c52836f7eb15
SHA1495a39fd167b544efbd967bbb06ad951639a442a
SHA256826bab78666178fd76be70d1b0073c5486d9c12dd5d2189016e1845d7674e157
SHA512b3c923a9b1a49c589880f7367705e3bd24f41915b2762a5c9c9c951994e07bbda8730b003f89120e19ff7641a311163856b39dc00e0b0a62dc2187dc0fa04a20
-
Filesize
59KB
MD5caaa5222d179a24ca5540080c7018b99
SHA11f415a7a73a12a4c16f25709504f4e4e4beae9dd
SHA256b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf
SHA51271b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc
-
Filesize
41KB
MD5cfd2fdfedddc08d2932df2d665e36745
SHA1b3ddd2ea3ff672a4f0babe49ed656b33800e79d0
SHA256576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536
SHA512394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c
-
Filesize
204KB
MD5081c4aa5292d279891a28a6520fdc047
SHA1c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA25612cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA5129a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69
-
Filesize
69KB
MD5921df38cecd4019512bbc90523bd5df5
SHA15bf380ffb3a385b734b70486afcfc493462eceec
SHA25683289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA51235fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5
-
Filesize
326KB
MD540e01c775b4f150dec2ff43bdf0f1816
SHA129cc0f7eb904aced209cec12ebbf8e6ab192da53
SHA2564d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0
SHA512c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f
-
Filesize
106KB
MD5c054cddd96069f22fe75e7a2c17ae412
SHA1d38822115595dad9af041a2ac43dd74c782276c3
SHA2565f2af02562178807d98ae12e1a8e1aeac6928440ed40276a8c3ea791a733ae71
SHA51264506610fa6074e56f710f5e7b21ea47662237751121e2b73d77a9c1fc72ae61f2b3a2fd7cfd95c9b6a9500f56c307d0176f365e426aaa641b2afda81aa136c1
-
Filesize
96KB
MD5443826e43ae39d6b6d996ec061398f84
SHA1a996ce34b3bac4eb02a8c113b1105de8f17f0868
SHA25687fb32803b0681980e6fcf71b9d20c00239b622beffa02de6184e8b15d7b9b51
SHA5126875d9dfaa2d4b0fcced2350ac95aac477e9289ffc4e192f8a3d20eda57020d31d6feff74b5f4978f1e5f6373b13d81fd041ad95978c1a20c867710bb1acd477
-
Filesize
46KB
MD53dda883b89b1f31dd1e8e0be2d4250e9
SHA1ff69000e8307afcb2b4db7d6117b47975f9de06a
SHA256e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b
SHA51225176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43
-
Filesize
19KB
MD5654b495cf8877c0a6c9423793216dd88
SHA117526245d961301ad40c738f6b6d16a2afe6ac8a
SHA256e6e0c443422b16eb462ce281ca745a2e8cd58d266c10bec39a12dbd45b92af69
SHA5120c319332fa505d54972ec8046e209f109c52dde42ae303d862856e2107e7f16ed5332375acc5a9c1272d940dc7be3576e57b833e3746ffbbbf9b8c71ec3482f2
-
Filesize
806KB
MD5296107fd9e4b08da2a5eb5381e62e59c
SHA10fab647f77db64c6284dd6335f6f01696217fb88
SHA2569a75f06abaf3c4db9cb4110d32c18ba80356efafd79e6f6255aefc31054ff133
SHA512519f5c12f414e6321e63c5c2992b4eb89131334543310513ffefcb9b4cfdc9cbf9adc48854dd40daa8475b238ec4a1b1d6f31d666e5edb773f433582777bea43
-
Filesize
32KB
MD520adea22eec53811cc6bb3e6fb9648a1
SHA189ccfb989609bb343bff0f260fbc28e78b0ae16a
SHA256d1b7f4208210049da4739648765e40bb8d8f0a7fd4e942df1d736e803739f5ea
SHA51224342b4e909b88faa4b028aba8428bf4b3fac6203a61e74890a4c3439817444826c6d4785f0cef484b73c6116a9913c2980be3c59abaf2b3711942e1e53e6b55
-
Filesize
168B
MD51d7f576ca9940a0877f2fc1734892e62
SHA11a6925a6b79c699684a04b32418724c81577158c
SHA25607a2fe1f7ac8904f750d6226e6845aa39a1edd050a8c0ff90613460efb48f915
SHA512eb4ad838e1fe4f93ec401ee326ca8a4505c97a0d370b52b8c6a87c65087a603382dad53c2d4fbeba578968d0bddc93b379cd287136449c4e0ed4e9ef570981be
-
Filesize
1KB
MD58e7949eccd63e489243f68a1955f30a2
SHA10b4581e2d7858ea500dcea6cf98ba6145876596c
SHA256e35b7df8e5d1eac9f4460c570817f02c2390fb29a2866e1a250ab73391b6efb0
SHA51259ecf14d433f9f94a9389c9ae0cd40c94bc3542262ecdda986be46a92b884f3aa556e82d356eee85deeebcbab1b99dd8f142e6efb73813033ab0b9d765e393a8
-
Filesize
2KB
MD5345678c7b07498ce68e2e2fa13304646
SHA10ed7de2d587429e8c1247e5598c97d5c8c3c73d9
SHA256936fb600a931283084561f117f5e1940133d83936958ab4a54287b1d7dd3b46a
SHA5123e671299f5bbcf451021fff53da51277e3d078e2e5d63546bd941da83403cc95473bc559065b34c01aa9461919fc1ff212bbefaf1efac62d82b3d45ec0d5e708
-
Filesize
4KB
MD5ef06710f026332f4cb28bc3eb2e3540c
SHA12e55865fa5f58f822846ceabdcc01cd901f88fb0
SHA256a3c4acf7ab56299d7f31c3d9f43e141afa8430ea30a745e08fc64bd01cf66f8d
SHA512d6c63e295d5b5cf4680e041b69755b7fa37d16e47804d52a3b0ba2ccd26ce2870d4defc059e502251ad7ad3190b14768d59b0454f8a6afb4b93b15a683886823
-
Filesize
4KB
MD539e184d177d280f01b2b26430654af0e
SHA15301905df34e8888da7f272830de022d44b31e1c
SHA256d2ba5ed68cf72ddaa867e6fab86c84292d497738f95c30fc896af7e87dbae0cc
SHA51296c32f4a8e57be9df2879f54a7de57b9a3f9abe44e858f72c4eab798e737236616ae89156474861c108d04427eceb12cf429be56931c6acd06e7a2e389e0d97d
-
Filesize
168B
MD576fa258a4baae6491e84e69675ec00c1
SHA16ae8bd7e15696ae72adaa592e736127fce901d97
SHA256c87a38dd1028610dc2a4cd1e94b7dd4fb85f0b6f923d5d16afa60c069f9671a5
SHA512c98e589d6b3fa557397b8e0b816fabf1fb1c6b2cdfaacc07c27047c14d42f7c95c2cc033fc0f356fdeb6ce7cd2869a1e20dec095623f1666aec56ef320165834
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
Filesize44KB
MD5bd62a36585291603009924e7f1738cbd
SHA12d44e0e5690e75d8471cd2057e653f147abe8f3e
SHA2561423b4cfd6210689ddcb674e05435df36f9249879090c915c0b129d285dc6967
SHA512c9cef00dfb76e99d4e9a54779401e257b4bb04f2c707724b0be567d836ff1de4fbbf51d7adfe3e0e97458b367c598eaeb0cb7c49b5aa05e4009419fcb28d57ac
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize389B
MD5f28938e450beb8019cfbe1d5f002cdee
SHA1aaf091b45e04f04ff09363cebcf5af68429d081c
SHA256f278dfebf5d58cf523e6d65309c4ef7746ac1a2a3fc43fda23433f81617b49c1
SHA512f847474285f8ed7cbc794037b2f383d31f7a1cee6bf689688dccb2cf96324d953562521b5ea714e4dd52cc214202167f922ac7643c3d214e9f93e3292b27f068
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5ecd9e.TMP
Filesize349B
MD51041d90245f44200792c157e80fff879
SHA194a2f79335f1afdbee62fde8247c86955f62f1ff
SHA2561faa7e1be82bb9273a57fb3de7cc809f3f9a105025ec200c0497f397c422a23f
SHA5126b447e247ae7ad867cca37da48872fe0d1ff0a8ec0c6fcb38c36e7a6d6ab46dc80df32af032f2c9767c74590337d543e041e802586615ef8e98f25b6a1071aea
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
7KB
MD591fc0db872cb4ba24de1941fa3fd4190
SHA12c054ba2dd94687e492e0b8eca89a4bbd04d0bfc
SHA25678602eb3c6f60e3f47536cfd8138466e5fabdd7b123024f405b38c0c3bf5313c
SHA512b8db4e134af3fafc192e86514386c620eda1d5ff0b11eccb966aadd85f782499500e756696025e9a35ab87844ee1f63eca72f00a7ea8e4b4cd81a7083e81003c
-
Filesize
6KB
MD5bb605605c72b1b233f9b47de101c2b9c
SHA1cbe419e46e4a124c860edf4e1886a15ab0cdd661
SHA25675953025bd9eef39146d05fbbd65228c862e5c9f8150e4804d08192450eaa5c1
SHA5125248c886afed71d67204801b39afef1ff72c29bf3a09dea788ebce64437d89ca92a1cf0d7dfb89e1b040afe62e680ce1e4670c1ff10853be2147872e50cbd765
-
Filesize
2KB
MD52a72816ddc3fe0d68fcf9089a5bc272f
SHA130c99ee3395d65c7d5c1258b4e115da322f1d79c
SHA25689eb04109ea26ab626b61649bd3d65e6b9246134d8cf209a7c38686887edd3da
SHA512418204d3db595bc7f3d5552b4e5302a1d31aec8f3edcb0e12fb826fd8d501ad25c868bcbb78f0f229ea4cff8fd9de446705b2f00289f6e27d372d968e49320f8
-
Filesize
7KB
MD5a87858ac6f3e65f66691388e0495c582
SHA1d46b6918de4fce1ef76616faaa46d71d058ea354
SHA25696e208f1d606e9a8e35691d2e588c27ab5057fd0407191364e0aa220fc646fd8
SHA5128bd54699403ee04b9ec5971c6ab95c618c05859f237aeb31243061beeec7a023bc805c9261b8eeac09a00cad78a007cdec630ee6375de2c9c7e2016582855d89
-
Filesize
8KB
MD581c92a55774349bcf89247c03ad4d200
SHA1d873cc12c048483f32893ce857904708d22e0a83
SHA2569081f8405cfb7bf660e5281f9358f8c4eee85a6171565fd37289682a0ec2a434
SHA5125129a95949eb1d523c7a842d5c9d89b8bd115013fa86868f317364203d10fe6c3f9fde51409a709a16c7d303c5cf5ae3cdb1cde6057bfb3a7507caa87d6e9eef
-
Filesize
1KB
MD592af8471b010b178ebc3191eb25d90ad
SHA1d71f2641bf6184e5d313973ccb4e550e5d92eceb
SHA25681b388bbf44a5b7dad1fa4470b0f929e84a2a8ca479832251b8aae25eeec2b1c
SHA5129ce0a220c6b8f9fc50db1c384d7f72bfaa1875690b08438d9865fd5b90fa94dad45eeb1cd2bad5494a0dbf032b876adf8fc3c38883e4d4684b132e8d165ff3dc
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
354B
MD5cf0e6c714bba68ab8b0fd609dd7c43ea
SHA1d35dd1b964fcf940ac097d59adc6fd30b41f5928
SHA256f0d949d263dbcb26fa5158b424cf53d04b4169f34e06b1f4406b5fba325af2ef
SHA512203a9b2075453e42fe4e1d6b2488137542bcd9fb5561f0271e03ce5e9a566bab74a996948caf6baa2d7e7d4f1eb455cc0cad28c2e5467baa45abcf73dc0890ce
-
Filesize
356B
MD5b58b241e862f0695650154c15da38480
SHA1131bf40bdb08d78d5466ffc6332c95b771dea7aa
SHA256ca9df6783f039eea8b9660ab7337411667708a905b3d1848c34721498258b334
SHA5121035bcf37d320707f7c3418d08dcab85ad9f7c857348e05fe3ec8747a7e4db40a75a2eac1326057fa6d60366e99d9909f8e443f87e79bea14bcd5b49ae2823e0
-
Filesize
524B
MD5d29949b0349e7da962eb455516ecf081
SHA1d4f7250726b9c1d7189b32435e4acab99a42794f
SHA2567153b71df61e2c0efb08005dda39326d94788b83aadc4b83c4e8e9a9f991223f
SHA512bcd3aecf91ffd842517a7766c3fe9f992f2bce5a8536189b704d825fee14b5759336edd7cdc96afc98ab78e02c149a966b8ec6429a905b9fd7f1f17d9dd6845e
-
Filesize
1KB
MD5283b985d3850c8ea24e24f1352ad5a18
SHA1cfa758bda5f26fc5eb71edf7b58e9a9539362c00
SHA256dee0274bd3e5f2d737a3135085e2670589cc70b5f6f40a7b9d16a9b467a92c2a
SHA512012c7b3c192990cdbea0f57bbd91564b0b78bc576323932a4515d3220ef1b88181f455b947500084d0b3e1557735d4d333d70635d10db933f69579f9df2a0d69
-
Filesize
1KB
MD57f100f4b1ca23d596f54d661ebf198e5
SHA1eae7033508a63360cf72500be579691fc0de6b8f
SHA25664956d75e53fba86d138b66dbe85626edbf35b29be6a147fd80eac63f2b8fc44
SHA512da3f1bc22ede80345f4d9c655d5a86ad70c6ba9c69caee40dca13dfb9fca8d99079e1be3cb222878b6dfd5bb7e8620e5d5ad32c18d690d1b78c701697837859b
-
Filesize
524B
MD5b7af0bcebb58dfa5855d1c14b83eff84
SHA1f69f00d0e1727dc2c03b392a800e93c388e8778b
SHA256e2b3726eef590b0ce34390c21e4a2ed04e45f14cf888b24be27c3a492d322ca5
SHA5128a203ccf4c887c665d271b7449e977b745aa428ab0ccd56d8c758374949904c489bfa53769a332cca502c9c22479d89bf59e9ed5b0ea6e19511218afb2e18abf
-
Filesize
2KB
MD5a66c52851ffabb29ba39b42becc44437
SHA19cece3996498fee11132481bec3968d460c43d4e
SHA256445cee6cc20d38eee4dbd2dd6255724c82a7ed53594f517d8257ed2cb1cbd709
SHA51227a0756f49141e075a06a8f8592ff62d71ac9fcfdbe695c6e6e245e7e38d5527f6dd58dd0dfe22ee3a475852c695f08680aa83db8537dc8fb3a294e4bf399ba0
-
Filesize
2KB
MD558589003a8844f592c245a2e1f230b4b
SHA1ea26abd83749d395186602cb84865c6d02062675
SHA2566824a1a00fb666c43608a41a28437bcc2ceeaf9e6764f2046eb1c4d0694133a3
SHA5126995fd85ef24dc64789a3fe83509a91be6490c18f3be2ea42ae5a2219160f2066114741f816feadb3cde8ffbcad61ce53b998388c1e9926776f1544d01acd1ba
-
Filesize
2KB
MD5ae4e396912baaae6fde28376e06ff531
SHA109a02fac081273abcfa74ebdbf7c252c49652bfe
SHA256ef0ee8b6b4399c0115860d4834e1f67bc0aeb6eb0bc8339ce5ef68caa655d7c0
SHA512ab20b77a634efddec759fe34ff30f7bc1da5480364e3411c31f67d376d0fe0570accdeb39d875cfae89ac64ff38631cf5c52028bca53e8597898df2875afa265
-
Filesize
1KB
MD5bfc6a1384eaab370360b835bb05550ae
SHA160d003451f9341b422d8e859b4f8c8eae652dd8c
SHA256db874a499dcb2062690e5ae2efa4dc3354e26f857228f16d9a19845f5d58449d
SHA512d737d643a687cdca76e99b9afb812583da6dc197ef950297e9d3636847df0dc5491c458fa3034b5426e533051ecfee8a4a5100a50e56fb047712ed33548c58b2
-
Filesize
354B
MD5f9c5803dd6add970af88bbd4eec2f613
SHA198f272ef5a78493d6277bdee671ca8769d24536a
SHA25628b8b650f1682b7bbb3b44e698bbe9f70e426c44cee805fd9446da1578cdf7c4
SHA5126915dc15c0f0f90443345ae31b976d7540920746d3ad2536c499816e5f4c1ce4d9b5990862ee1d9a12d27d060dc55b1c87b45ab72c9dbdd61f017b0771f31dbd
-
Filesize
1KB
MD5a6b68a71e008fe8d6055bd7ec1d56ce7
SHA1f03726f28410c101431dade415e0ff45beb2bbd5
SHA256e61eeb553d8a46dca53bf92391c46824e9e56f7f0c6781a8e804b7ab52ff73bc
SHA512b2c8d19a1654ecdec508ebf0ffd1c71e9fe7dfaf8fff2ca3c46528f4dc8940eccf5dec978a7da20e8f3190d343b6659471cfe4ad40b85dd26137f76ad2283973
-
Filesize
2KB
MD59bd2a050b64f465ec12d52047c403dba
SHA1a7e2c4a0ae5a43d8c4532788f726ebd5b9e0e062
SHA256eac094035110875efb8526bbf56ca71c65e5daed0bf2227015a21fccfaf3337a
SHA512ff7911036648245eee77b38d451187ead85b4fc1946d49ecdfed4d4a0389325be6b8b17c25c2febc9d555307635b512874ac68d3d92da5a44363178f994d954f
-
Filesize
7KB
MD50724c84b4cd3165a360b8f3ebf882b2e
SHA1e2b171d377a09b993cd3ada88cd749c5598a9485
SHA256a470d9d8ca998f5f729717f8d14e511337c5cd53a9f3ae60ff8cdba903c6715e
SHA512b56b236a8d77888e66ce1afa9c67b21ab458afe8e8dea49ad038de4ec0054300ce3ca2d6296041ca98aa97164a7798ecc3c57dd9bead6d07e5b115408f811ed0
-
Filesize
7KB
MD5d32a737884edb92bbfe2a91abef0e85d
SHA19dae58cdbcf6941f8f0106e0b3d8cd7c485889b3
SHA256ab14c1eb9adb57ecb028c41aa15e4952ae79cd3808e9773f7f40ad72fbd99f7d
SHA512f39949488221c0f5fd6667c7e5bf39e698f28cb931e6036073aff762443fc80549e52226c71fc2d39dfe9392efa7cc6c72afa5a41075fff5bf5cf58f9f2ff57f
-
Filesize
7KB
MD50c62d13f2422df0d095fd938a6cd019e
SHA17ed302eef18e4ec1a01a1772d60a75255cf35ff5
SHA256d16390277b307b1fad78118344fd6e1c594a06b14b747de41dbbc4aa921292e1
SHA5126d3652b9bd26ab5a3909a2a643113a389a760ef0b671deab02b320b1c4cc6b19e6fac1f01c78e527486d02ae49431f2283afef9ffe558e49a687da0bd72974ff
-
Filesize
7KB
MD5b4297ed0f6973d95c25a07cb7020224d
SHA1fe47e1e57e4ddae18b7efffb7c0f14126c4d13bc
SHA256e0f5cd617a35f1f7a1017eab05db52c4eb0d37ee3bd382aed4e7e83876ac227b
SHA51221df5a4c456c40a4c4f838c6577ba51828ad628a630c7750302ca7b10ff397a5dfaedd65b778464dc855838cff1f8e25ce763d3995c097b6ad4910c6d34603a7
-
Filesize
8KB
MD571505e4e1f8882e8c24242baa05af668
SHA1adfaa4e1c58e4c9832d62cace2a7484a70b4dd39
SHA2566b6d4952718f2cbf7a0de99cf6b511d789a5391838c5f5002d3b30098b784873
SHA5121e11fe3579ab1168ba85043da8e12640743b789a98808ce5cfb8d643c0cd41856c2a8512e83e6688616ea85963be6795cb6e5aff65ce54afb71b4f3f20b13215
-
Filesize
7KB
MD5b589592947c1eccda54a516a282877b0
SHA1615d581f824af09cfce0c8a04fcff5d3324a7c07
SHA2569ed99af0c09ac3d234676fe19163ae2b91234bc27ee1146e0c091dd7064ea88e
SHA512f721476ff027c76e99a6c744470934521b3276a8442361525963ba08db7904069b1338f66c297345a0e1403069a1f7075b91ce8c6f5ab5a52083817d6815d352
-
Filesize
8KB
MD51d2c503ac593e3fe04fea08930898dcf
SHA1962a4aad8cf69c822bac749875d0c36acd510a93
SHA256baf7d8cd5af65bc2482cf19d32a69480c0bb11f9bd28a5b8079b4a9ffb81bd81
SHA512f634799270603032c2e17aa35416341cf9197cec5dca5d7d09eff3f735af613e0ffd4c6ee3e69653cebe086639cdf045e6271f6b401ac412ece1f4b5959fe27a
-
Filesize
8KB
MD56cc7779ce799439ac649499546d270cc
SHA173dc33b4f1bea58b7eb4c5e6090b289e45b98b14
SHA25669c0de40b536aa65dc765da450a94b131d337becd5a6eea11c72c3ebdd1dd506
SHA51246daa67038150f9dfe683ded71930e4753ee5f77c21f44d5b05df2a1e2233a78456b3f7041780ceb508f29c86c42b31622a633d43ba44ac3f0fee2b19b1aa2ce
-
Filesize
8KB
MD503c9ea25f545592dfe97f6c5d2d9fcf1
SHA1c65e778516b7cfbf212d03b1e4d41c09dd13791f
SHA256ce2ae238374c95d2d26cc93ab7e3dfe1b394b5c0fb79880323ff4ed51e689472
SHA512764cf1b3f602ba13022d06c65b839c8c912a8f09463cc006da34e82e8b67afb104efdb50dbe41e2bdffed1fc2a50a239548add207481d111918f6c84e2f5d785
-
Filesize
6KB
MD508449baaefec53465c4c5da2a9ffd2c9
SHA16d0203bc276a27dcca894544bf5197a132393cbd
SHA25620792f799a940c44adfe249092b63bb38bf8dd8daaf87ef289220aa1d39667f5
SHA5126b12572aaf6f4f1d98ae8d97768c3675419590d0621b61f9230bc9bcc7c08c546bbcd4229522500575b62e1b3f54ba996e29bea2ec950d322156750411fc22b7
-
Filesize
7KB
MD51c685b2324b04688f3ea933de95cb02f
SHA1faa305b6f1282d9778954be23f04af56946c2fd5
SHA2569977dbcb0efcf05bb9d6f6b8b83f0c595c9f2de7044013eaae48dbb14db792eb
SHA512b65db464c69e725736eee365522c915dafc5d7bda54bcb5ae651b27fc5719acfbd5c2b45495e75966998d8989f562176fb44d7330cae249bea237584a60d0b3f
-
Filesize
16KB
MD509563358ebc36e795262740f25361e5d
SHA12f27584f8e7b83e93778900d9d9089ebbd335adb
SHA256d835b428f7da1b49bc5928979da5e10dea7cc027fb1dbad81a05523602299ab8
SHA512033b6445fbd385efcfd216a7a0d2ba1caae0fff91ebc6a9960f863a7aaecc7bf7cd3e587353cfb0c01ac24cb052ea926fab6b2e360e20c2e0fdcb7bc2d736eb2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0121768-2b00-42ca-ad5d-4391e237ea68\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD52dbc54b1217789f37a77b8e08ab5899c
SHA11cfed3760085d06e96152d3aef8c77afba16103e
SHA256486a89047038d48d1f54cbe315ee928e372621dbae7296ae27ce4f888bd4113d
SHA5127de18b127184be8c21b38ddd9384f788f43044899cf9b9603c206dd7526e906c0ba37f82aea43ac0695025d0fa7508e9f423f9fa39d97a5fd1bdebab9e1ab7c7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize56B
MD594275bde03760c160b707ba8806ef545
SHA1aad8d87b0796de7baca00ab000b2b12a26427859
SHA256c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA5122aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD50b3593d918899d45a4701e9c1dd53c9c
SHA182c6e14135c7e030487bee93607270d66b42bd74
SHA256fc99648ad1f3a486353090cb13d82d2cff49f228bfab37ceb019b5e440bd496c
SHA512c2be54decc742f133fe5063155b06c89709e3b7065c917233acabc88de6e4ec7ec758959015232764689efc02a7ded1c49b523fd1adcbc5dbf647feb5145934f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize120B
MD547a33e5cd941ceba6d22a13597658ccf
SHA192f8c6709019842f6d3a0d20f4c4700fbab597ce
SHA2563c1831451ae3a9eee645b7bdf4649da2dc56300a2ca2c7e77fa3932e754a99a7
SHA512ca778cd4030677c1e65de67931b9dd84a2d2130108a08ac93e8826794dacc2e51e3a58fd56dbc9a5abe42e9b543e0167e78f4f230211e235caf0bf38152cb3ff
-
Filesize
278KB
MD51397d90bc81b7b403b1e2a6704b1ad43
SHA1552f035c810cd7ad08ddeb6bababd951186cf716
SHA2561e78ce771d9f8d026bc16cc5f55e13261f09878164ef28ccd139fa25a8f55f30
SHA5125871f684e78682a67ae5a4407bcb342d620cb1d8deb8b575a5b657cc364f6718c4d319b5c4efdfe724ca5e066a50f02f28ba62cb7fa138987cfca856a00301b6
-
Filesize
278KB
MD584c78b5b597d8bdc1df906ee09e5bf7b
SHA16b1904e7436415295f90fb7892aa7ffcd2fcc2c0
SHA25612b4b447bd916d97ca96b673300abfab61a54e9fb75355df76930f0ee849fc65
SHA51283bd69f948f3c807aca5468a6047ef9289be36083e2ecc0afba1bf1972a031131d08053b2de1832ee83c91459b8e3dc5efcc48ebc736afaac646ef2bd7da9d48
-
Filesize
278KB
MD5ec57d21470c3be07e363c6f729feb2ed
SHA1d7fe191ac72e0fe1e20c666dfc06e9b7dd91fdce
SHA256623dc5667496cbd6086617109e19c38487ec8878a399832c16ca829be324eaf0
SHA51243aea135e5c2d371bbe4d38b305eaf556c40be6424e93ab05d0f90d92b7b4cfc1236a2bb2b49ead64d63b7d3c414c1f1507896dd04b470d3f971000cc0d63b24
-
Filesize
278KB
MD50a353d93465630c81a78a0c4fa666974
SHA1fbe4febf59b6eae99319d20ab7e0ff3f6aa19c0c
SHA256a8d0a9c92c26c488800dbe6e8e4017ed3def0fb6b696d6b27c0340353f078168
SHA512d307b34582a57089155354a24d4f3b0468fb4be8f5d72a76dafcbe6e314f2fe0cd8b589af6909c4bc84a2cbf15381b0b21639864f00665e47e65ece0642065a2
-
Filesize
103KB
MD5bec72ae30ce1a5b95610111b56f8a437
SHA168de29c05de66ddf72e5257f1be5e42322245e41
SHA25625b1fe26243c4e96f0346f108286b05aa726644af1adb7af35bf8092540a974d
SHA512901d4b475c9a9ce532d8819f359574dd8d1f7644feb460c6a5ecaeeeb21f003524c28e8dca4fa7c33f6fe8f3ccd87c9a01ca7f482ebacfd8610b209e8a3e2439
-
Filesize
88KB
MD5a8bd3955e62562655a02ee14e0859e1e
SHA169bc2b4db2bd566d2851433b4da992333149713e
SHA256d9f7bff3449f16f5ca5cb3e2423a734346174e8c435317f5cf4157b01d2bd714
SHA512771964f4849c9d2a52524b11e32c9ab8bcf62e6a4e62a19b290e71ed1ea4c1ccb151dbb69e8e712cc66be4e00143bedd382c259f0df43a94544e6a3124c89b1e
-
Filesize
106KB
MD543a8b734e79899a7ae4de535702a90f0
SHA1a06f5a0c999445541fe27edd2e7ffadea0ba2600
SHA256fa82f40c73354bd2cac552ed7d578bd62e208bd39293f58145a9d36755fc4859
SHA51262219fb78ac8f9f899cbefe78ff512d7c8210ff954e18b3b540562c5c09edd1e95b42662cfca094f94c1ccb9a9615b5eca4ccde6a77ffc66db1e8039c7e40de4
-
Filesize
105KB
MD56edce8f9beec6d170da2d1830e25647f
SHA179424f50152196789796a62822b0224f9cc36421
SHA2560218f648781361570009743826c3c48140ccb02da9c755164693d9f9eb0f10c8
SHA5125f848e6224bdb050847a5531ed9423a819d959f238e717b563be7a6297e1abb6bfd11f506d00e1ce97d338e0d06df28339cb6ad1ada4f0674ad1b0ed5a62605b
-
Filesize
83KB
MD58b332b4b3bd9fa02c57883753b38d420
SHA115843c88d512c9ecdb7a80c5c95d8ac908893d81
SHA2568ee432fe9b9c61a8a28a35cb57646cc968c47afae4ffbf4acd59836d95713cd5
SHA5121610066683b2071bea692fe57ebc5cfabd397cb1fec849fb596a9b5265b89686a76c6c1e1b256598a677219ef5cbfbf7fcef93976b3d9e2c981f205a4d9e7596
-
Filesize
128KB
MD5ae62acf0c62192d60b6851cc2097263b
SHA1c9fe80e98c455c44542df2a47624fbe17d790eb3
SHA2561aaa75f7e60f649155fc34ad293f4d8746293bb0683eefdac165db1fc882adb4
SHA51240e6f4e49c8bf7115b16e571f4937d972034bcf870833ce97f446dc1d436bc841ccf69d1faf0130f612ec5c506a229419b19cec4e0ae8f225eeac1a6fd8c3e37
-
Filesize
15KB
MD5ced07c9db242115400e159d9a02bb7b7
SHA16f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA2561318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70
-
Filesize
15KB
MD5f3e05f142e742e25a98d4f5af3ae0623
SHA188363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA5125f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a
-
Filesize
1KB
MD5dab2c4538a83422b5deae0e0de9b7a30
SHA178c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA51224cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc
-
Filesize
1KB
MD54aaf83d2b3fd56ad806708e60474df39
SHA1144777a265879b69fadea3eb3ac6939458918578
SHA25684e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA5123b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304
-
Filesize
575B
MD592c2bf222d6ab81fe7a0c072bf31c107
SHA18853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA5126548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7
-
Filesize
112B
MD508fc39a69fa17e0f529915919cea1633
SHA12966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA2562599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805
-
Filesize
112B
MD518fb6465b029206477d0222e8da6fdf9
SHA1b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA25657aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f
-
Filesize
19KB
MD53bb85d2c8cef28c89a2d07adf931e955
SHA1596d13e7742455afce8a534382b28cfd2f6aa185
SHA256b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA5127075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730
-
Filesize
306B
MD5ae2c73ee43d722c327c7fb6fdbee905c
SHA196f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA25628c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA5125a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b
-
Filesize
214B
MD5fc2a0361a751177d3aacdba9c31b2682
SHA10a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA2561a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb
-
Filesize
15KB
MD5624e84e9b49bc150043aa9fb0eed2822
SHA1f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460
-
Filesize
15KB
MD5b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1012b5879e879fa25bf48e4bb62c35ee829eea571
SHA2562da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA5124369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68
-
Filesize
670B
MD526eb04b9e0105a7b121ea9c6601bbf2a
SHA1efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA2567aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA5129df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68
-
Filesize
212B
MD51504b80f2a6f2d3fefc305da54a2a6c2
SHA1432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA2562f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94
-
Filesize
153KB
MD5e896caa05303bdbd59395225248889bb
SHA185681e927d9c44b1260609ee88d12eed9a612100
SHA256b96937b386fdd06060a61756d3c0e2cf0b99908833cd91490fe88db6a44d394e
SHA512584611be4bf3574693c2fc9d835379d644cb568fef177b420e74548483b41f89ea8ccefb55c4464fca60e2db9fa2e0fd40d7d3da1c2de5cc25e8c4822ceeaaa8
-
Filesize
15KB
MD57ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef
-
Filesize
15KB
MD593216b2f9d66d423b3e1311c0573332d
SHA15efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32
-
Filesize
17KB
MD503b17f0b1c067826b0fcc6746cced2cb
SHA1e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA51267c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2
-
Filesize
78KB
MD53478e24ba1dd52c80a0ff0d43828b6b5
SHA1b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA2564c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA5125c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d
-
Filesize
14KB
MD5e33432b5d6dafb8b58f161cf38b8f177
SHA1d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA2569f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf
-
Filesize
113B
MD538b539a1e4229738e5c196eedb4eb225
SHA1f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA5122ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc
-
Filesize
279B
MD503903fd42ed2ee3cb014f0f3b410bcb4
SHA1762a95240607fe8a304867a46bc2d677f494f5c2
SHA256076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA5128b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857
-
Filesize
15KB
MD5b2e7f40179744c74fded932e829cb12a
SHA1a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA2565bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c
-
Filesize
192B
MD5e50df2a0768f7fc4c3fe8d784564fea3
SHA1d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998
-
Filesize
623KB
MD5c8ec5e0af9329936df1fb6382f092687
SHA1fc8a59149198e5acef2ca6a51f01d1e3ff0f50fe
SHA2567b3fcbf635508cde1dd74e41b3914f5b85bdb8de1bcece745ac6a05ddfde63da
SHA5121bd43948428d964b94befe7e2b9cd74e0cb5d6af76f5adb166323510b2f775ae479e781df104222197ac5e04e83e885cf6a5ec65c7bb3c5aebd45dead24439cf
-
Filesize
324B
MD51b456d88546e29f4f007cd0bf1025703
SHA1e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6
-
Filesize
200KB
MD581234fd9895897b8d1f5e6772a1b38d0
SHA180b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA2562e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA5124c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16
-
Filesize
411KB
MD5f5fd966e29f5c359f78cb61a571d1be4
SHA1a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be
-
Filesize
19KB
MD5206562eed57e938afe21fc6942fa8e59
SHA1779e90fec866c0fd2f47da020651db71c89ec3dd
SHA25627d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45
SHA512275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26
-
Filesize
80KB
MD5c3e6bab4f92ee40b9453821136878993
SHA194493a6b3dfb3135e5775b7d3be227659856fbc4
SHA256de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6
SHA512a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895
-
Filesize
23KB
MD53f3a4927a4c46058dff16c0fe467c649
SHA170ca2bebd44bc6a62543ab9139889155382ddf58
SHA256984b767fba7e9dc38ac09d2f48b07a1de7b92e8b9fad1f89b55647d5195bb62d
SHA512df3c65c756b93688233cc32c6cf2e816e1098c2b3abfaf8acf264e019b50e1e76501785ccdbbc66e822ddbbf2254558fe8fba59eab2b875d14cd465b9c750b32
-
Filesize
12KB
MD536c81676ada53ceb99e06693108d8cce
SHA1d31fa4aebd584238b3edc4768dd5414494610889
SHA256a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA5121300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c
-
Filesize
11KB
MD5959ea64598b9a3e494c00e8fa793be7e
SHA140f284a3b92c2f04b1038def79579d4b3d066ee0
SHA25603cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA5125e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
-
Filesize
9KB
MD5f7b92b78f1a00a872c8a38f40afa7d65
SHA1872522498f69ad49270190c74cf3af28862057f2
SHA2562bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
SHA5123ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
-
Filesize
3.0MB
MD597293a34cbd5897ee92dd96bb666fbbf
SHA106d39908d3ac86332758159d5e4accb80753aaf3
SHA2568b08f564483fc6f4e61d0dc33ee8da4572055ecfb669c9d73645130aad17b4e6
SHA512bd3688fed0397f19bef1f831d889a8f2d168262d243b9dd388ad77ab6422eca6907dbcac670092b3d7d1f3a4c0c524a68d7f10942d67f591931cfb7c9fa3046c
-
Filesize
434KB
MD595f6f6ab9509bc366ab9215defe4251a
SHA1e3f4a6effd6ca5838cfe91a01967cb72edcc7b0b
SHA256a896a9ece055d334d431cd0f856113ab925d9ee86d2dee383c0bfbbef11a5b50
SHA512a853f70d2ea7f384df99be067724bf3ca73c63f3c3573c112f5528fc86a96bd34509d934b038e2a81833f3abb3eedbc5894921291139100e01df6e35696c0ecc
-
Filesize
24KB
MD52b7007ed0262ca02ef69d8990815cbeb
SHA12eabe4f755213666dbbbde024a5235ddde02b47f
SHA2560b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
-
Filesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
Filesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
Filesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
Filesize
6KB
MD5ec0504e6b8a11d5aad43b296beeb84b2
SHA191b5ce085130c8c7194d66b2439ec9e1c206497c
SHA2565d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA5123f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
Filesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize8KB
MD5dd88ab23b63312097033a5a33105b140
SHA144357e37b4429eade84188d61f3ab0e87319d0c1
SHA256bea500aa0d507016a7d4ec20ea7c13eea5bffc49cf645ea2dca126529fa96757
SHA51214e001db7a9e20f8578b36cc762497c9b5f94e6d5e4b3302a2cac640d23375a54dbd610cc0fd84170afd30481f1c8c2f14328e5e55b362d0c6caaa8e0debe42b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize12KB
MD55c49b87c49583889e2563d612a609115
SHA1732315eda57a2f8a32d2d3e449722501ab4573c5
SHA25618fae5a62412ebe3386e6425d0e2dc43e63b71cec9fac09c6ece2888fa357ce6
SHA5123a3b7e3c6f9f344711502692b4c3affb1a74127ddd0bb0af0a1ad4b93d97211eb37f25e606616f02f7450bd6ae496c3d8cbf069b4fabfe909dfbb8b631effb80
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize14KB
MD537c7a38bdf4b2c563131cf238a788564
SHA19b0cb5c3aacdb2a02bae081f28530f182cfeb15a
SHA2563bc79a543bd516199b468b539f285cc3a81dbe4165663e3aa9d5d8710fd6a621
SHA512b7d65b0867ea02d337fb15ebe070719e786ade4ee292ad6ffe90d2e8f74c3b3ea6d65b35c407fe81184911dfa93668f969efd79f8f90b5d5c6f58facbc034afb
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
583B
MD5d55f480fe907d8e329a98cedbb46e92f
SHA1b7ccc8196410296514d2703589050f5f340e1519
SHA256406688b3627405f4d3d66e62da1ff58423898ac73c6d38a97c7e323563f71cb6
SHA512262453162d9b6503219298da2c917c2179be2fed263692a852c87a2c96284663bfe9f68f6af5d35fa89836796e2fecfd5fb8761a7a4c1782ea23990f40d0f613
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
57B
MD5b71d1813b629f50a0ba5706d71ec9e9f
SHA1af6e3c808151e1d20610880fe9790e11424183b4
SHA256c41b2b682f5497a3775278e17e5fabf849b555a66a4e86d31babeb027c9597d0
SHA512e096f5c8f2ad2f5738c53ed0ee066deb96072dd71449261cea996f1506fd1f44ebc58c198c64eaad926438f754cb9e3bb2d980e6f1474333cfff8eaf0bd5c2db
-
Filesize
92B
MD5487fc6e243eef27429beb166a15a3ec1
SHA1b488193e077b4a6282b4b14eef9367989a6920b4
SHA25690df765357f11a96139ffde8addbabe6d5842587b3158dcd3d6667ad2c96beb5
SHA51231d16830461207750e7f958cc73f761f8649276e71b420db3d17cd67cbb4ac76d0c595073638776c803568920160a293d708c63440f523fe81326ffb78dfea3b
-
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_64ba815394fc55b27f001d51176920bd_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier
Filesize354B
MD527bdcf74c8172d25fd9e576cd885a999
SHA1c862104de26a7643b4d2ec6768cc9359afbdf437
SHA25668543a3db7efd410c6c86e3368e89efe9375001021bf2404a223416ff9946117
SHA512b24c1abf1dc7e009ea096d421d76e984ce252023d07d170b968eefd676a2832e0008caa83195c521c8c40d699b7b836f3b0faec73012dd9b7427bd87cb4196bc
-
Filesize
910KB
MD5d2c72208f8783ec83b123324e8093cc1
SHA14afbc9f19f8a194bccd5216e05083e0d7617fff0
SHA25652ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26
SHA51203b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a