Analysis
-
max time kernel
489s -
max time network
494s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
21/10/2024, 13:50
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://deltaexploits.gg/delta-executor-mobile
Resource
win10v2004-20241007-en
General
-
Target
https://deltaexploits.gg/delta-executor-mobile
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 12 IoCs
pid Process 6620 netsh.exe 9068 netsh.exe 9188 netsh.exe 6668 netsh.exe 4780 netsh.exe 9892 netsh.exe 6868 netsh.exe 6940 netsh.exe 8188 netsh.exe 9780 netsh.exe 9256 netsh.exe 4332 netsh.exe -
Checks computer location settings 2 TTPs 15 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacksWeb.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacksWeb.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BSX-Setup-5.21.580.1019_nxt.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation WScript.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacksInstaller.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacksServices.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation Bootstrapper.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation Bootstrapper.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacks X.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacks-Installer_5.21.580.1019_amd64_native.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacksServices.exe Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation BlueStacksWeb.exe -
Executes dropped EXE 63 IoCs
pid Process 5336 BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 5636 BlueStacksInstaller.exe 6032 BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 5548 BlueStacksInstaller.exe 2012 HD-CheckCpu.exe 5840 HD-CheckCpu.exe 5560 HD-CheckCpu.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 7452 BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe 7948 Bootstrapper.exe 8020 BlueStacksInstaller.exe 5408 BlueStacksServicesSetup.exe 5788 7zr.exe 6244 7zr.exe 9076 BlueStacksServices.exe 180 BlueStacksServices.exe 3900 BlueStacksServices.exe 4988 HD-ForceGPU.exe 10216 HD-GLCheck.exe 2284 HD-GLCheck.exe 6860 HD-GLCheck.exe 6956 HD-GLCheck.exe 7520 HD-GLCheck.exe 7628 BlueStacksServices.exe 8812 HD-GLCheck.exe 5680 HD-CheckCpu.exe 3948 7zr.exe 6432 7zr.exe 4988 7zr.exe 6672 7zr.exe 4852 HD-GLCheck.exe 4392 HD-GLCheck.exe 5976 HD-GLCheck.exe 10156 HD-CheckCpu.exe 9876 7zr.exe 6236 BlueStacks X.exe 6780 BlueStacksWeb.exe 7880 BlueStacksWeb.exe 5672 BlueStacksWeb.exe 5584 BlueStacksServices.exe 8776 7z.exe 5184 BlueStacks-Installer_5.21.580.1019_amd64_native.exe 6060 Bootstrapper.exe 6004 BlueStacksInstaller.exe 7048 7zr.exe 6176 7zr.exe 9580 HD-ForceGPU.exe 9532 HD-GLCheck.exe 3360 HD-GLCheck.exe 8016 HD-GLCheck.exe 7192 HD-GLCheck.exe 9900 HD-GLCheck.exe 5080 HD-GLCheck.exe 1944 HD-CheckCpu.exe 528 7zr.exe 9060 7zr.exe 7896 7zr.exe 1984 7zr.exe 5516 HD-GLCheck.exe 9200 HD-GLCheck.exe 4748 HD-GLCheck.exe 3196 HD-CheckCpu.exe 6348 7zr.exe -
Loads dropped DLL 64 IoCs
pid Process 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" BlueStacksServices.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 2 IoCs
description ioc Process File opened for modification C:\Windows\system32\storage.json BlueStacksServices.exe File created C:\Windows\system32\storage.json BlueStacksServices.exe -
Enumerates processes with tasklist 1 TTPs 64 IoCs
pid Process 6600 tasklist.exe 1416 tasklist.exe 1724 tasklist.exe 9344 tasklist.exe 1616 tasklist.exe 6744 tasklist.exe 3408 tasklist.exe 5432 tasklist.exe 9496 tasklist.exe 2200 tasklist.exe 8084 tasklist.exe 2556 tasklist.exe 8048 tasklist.exe 4816 tasklist.exe 10116 tasklist.exe 4672 tasklist.exe 10076 tasklist.exe 5604 tasklist.exe 9712 tasklist.exe 7372 tasklist.exe 7556 tasklist.exe 9152 tasklist.exe 5676 tasklist.exe 5268 tasklist.exe 9104 tasklist.exe 1148 tasklist.exe 9308 tasklist.exe 4088 tasklist.exe 2028 tasklist.exe 4764 tasklist.exe 5368 tasklist.exe 10068 tasklist.exe 4756 tasklist.exe 1140 tasklist.exe 5668 tasklist.exe 6612 tasklist.exe 9928 tasklist.exe 1960 tasklist.exe 8864 tasklist.exe 2420 tasklist.exe 6620 tasklist.exe 10048 tasklist.exe 5448 tasklist.exe 2012 tasklist.exe 6004 tasklist.exe 6244 tasklist.exe 5872 tasklist.exe 7684 tasklist.exe 4976 tasklist.exe 9332 tasklist.exe 9992 tasklist.exe 7784 tasklist.exe 7152 tasklist.exe 1152 tasklist.exe 9292 tasklist.exe 5276 tasklist.exe 7508 tasklist.exe 6940 tasklist.exe 9772 tasklist.exe 2600 tasklist.exe 6200 tasklist.exe 5688 tasklist.exe 5908 tasklist.exe 9956 tasklist.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libremap_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libinvert_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files\BlueStacks_nxt\imageformats\qgif.dll 7zr.exe File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak 7zr.exe File created C:\Program Files\BlueStacks_nxt\brotlidec.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Controls\qmldir 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\account BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\now.gg.svg BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libmotiondetect_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\Qt6QuickTemplates2.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\Qt6RemoteObjects.dll 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Setting_Hover.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\www\offline_cef.html BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qt_da.qm BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\qmldir 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_output\libdrawable_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files\BlueStacks_nxt\concrt140.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\discord_game_sdk.dll 7zr.exe File created C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config 7zr.exe File created C:\Program Files\BlueStacks_nxt\QtQml\qmldir 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\account\Choose_img6.png BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\vi.pak BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\position\qtposition_serialnmea.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\Qt6WebChannelQuick.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtWebChannel 7zr.exe File created C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorBack_Default.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\language\th.qm BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\language\cht.qm BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\access\libaccess_concat_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\access\libscreen_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_nv12_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak 7zr.exe File created C:\Program Files\BlueStacks_nxt\glfw3.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\overlay.png BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\image\Search\mini_cloud.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\msvcp140_2.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\Search\Search.svg BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files\BlueStacks_nxt\HD-ComRegistrar.exe 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\libcrypto-1_1-x64.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\QtWebSockets 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\boost_json-vc142-mt-x64-1_76.dll 7zr.exe File created C:\Program Files\BlueStacks_nxt\d3dcompiler_47.dll 7zr.exe File created C:\Program Files (x86)\BlueStacks X\image\MyGames\Card_Detail_page.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-stdio-l1-1-0.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libcroppadd_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\plugins\video_splitter\libwall_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\Qt6QuickDialogs2QuickImpl.dll 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Help_Hover.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Marketplace.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\zh-TW.pak BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files (x86)\BlueStacks X\translations\qt_ar.qm BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libscene_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files\BlueStacks_nxt\Qt5Compat\GraphicalEffects\private 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\close_pressed.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Setting_Hover.svg BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liboldmovie_plugin.dll BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll 7zr.exe File opened for modification C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\family\Rubik-Medium.ttf BSX-Setup-5.21.580.1019_nxt.exe File opened for modification C:\Program Files (x86)\BlueStacks X\language\de.qm BSX-Setup-5.21.580.1019_nxt.exe File created C:\Program Files\BlueStacks_nxt\QtQuick\Templates\qmldir 7zr.exe File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\sv.pak BSX-Setup-5.21.580.1019_nxt.exe -
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
pid Process 7560 sc.exe 7056 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 36 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe -
System Location Discovery: System Language Discovery 1 TTPs 41 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tasklist.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacksWeb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BSX-Setup-5.21.580.1019_nxt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WScript.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacksWeb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacks-Installer_5.21.580.1019_amd64_native.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language find.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacks X.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacksWeb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language HD-CheckCpu.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BlueStacksServicesSetup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7zr.exe -
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe -
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 BlueStacks X.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString BlueStacks X.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString BlueStacksInstaller.exe Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 BlueStacks X.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ BlueStacks X.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString BlueStacksInstaller.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 BlueStacksInstaller.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 BlueStacksInstaller.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\URL Protocol BlueStacksServices.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff BlueStacks X.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" BlueStacks X.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command BSX-Setup-5.21.580.1019_nxt.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell\open\command BlueStacksServices.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell BlueStacksServices.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg BlueStacks X.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command\ = "\"C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe\" -open \"%1\"" BSX-Setup-5.21.580.1019_nxt.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\"" BlueStacksServices.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" BlueStacks X.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\URL Protocol BSX-Setup-5.21.580.1019_nxt.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\shell\open BlueStacksServices.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" BlueStacks X.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX BSX-Setup-5.21.580.1019_nxt.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\ BSX-Setup-5.21.580.1019_nxt.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings BSX-Setup-5.21.580.1019_nxt.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{F70C2F64-C6C0-4048-9820-F21A2D5C71AC} BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" BlueStacks X.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell BSX-Setup-5.21.580.1019_nxt.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" BlueStacks X.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags BlueStacks X.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000 BlueStacks X.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon\ = "C:\\Program Files (x86)\\BlueStacks X\\BlueStacks X.exe,0" BSX-Setup-5.21.580.1019_nxt.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80922b16d365937a46956b92703aca08af0000 BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" BlueStacks X.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\DefaultIcon BSX-Setup-5.21.580.1019_nxt.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" BlueStacks X.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3" BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 BlueStacks X.exe Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs\ = "URL:bstsrvs" BlueStacksServices.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell BlueStacks X.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\bstsrvs BlueStacksServices.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 BlueStacks X.exe Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 BlueStacks X.exe Set value (int) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" BlueStacks X.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\ BSX-Setup-5.21.580.1019_nxt.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open BSX-Setup-5.21.580.1019_nxt.exe Set value (data) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff BlueStacks X.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 776289.crdownload:SmartScreen msedge.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 6236 BlueStacks X.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4544 msedge.exe 4544 msedge.exe 2624 msedge.exe 2624 msedge.exe 2196 identity_helper.exe 2196 identity_helper.exe 4896 msedge.exe 4896 msedge.exe 5636 BlueStacksInstaller.exe 5636 BlueStacksInstaller.exe 5636 BlueStacksInstaller.exe 5636 BlueStacksInstaller.exe 5636 BlueStacksInstaller.exe 5636 BlueStacksInstaller.exe 5636 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 5548 BlueStacksInstaller.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 1804 BSX-Setup-5.21.580.1019_nxt.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 9912 msedge.exe 9912 msedge.exe 9912 msedge.exe 9912 msedge.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 7948 Bootstrapper.exe 8020 BlueStacksInstaller.exe 8020 BlueStacksInstaller.exe 5408 BlueStacksServicesSetup.exe 5408 BlueStacksServicesSetup.exe 4672 tasklist.exe 4672 tasklist.exe 8020 BlueStacksInstaller.exe 8020 BlueStacksInstaller.exe 8020 BlueStacksInstaller.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 6236 BlueStacks X.exe 7876 taskmgr.exe -
Suspicious behavior: LoadsDriver 2 IoCs
pid Process 656 Process not Found 656 Process not Found -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs
pid Process 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 9160 msedge.exe 9160 msedge.exe 9160 msedge.exe 9160 msedge.exe 9160 msedge.exe 9160 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 5636 BlueStacksInstaller.exe Token: SeDebugPrivilege 5548 BlueStacksInstaller.exe Token: SeSecurityPrivilege 1804 BSX-Setup-5.21.580.1019_nxt.exe Token: SeDebugPrivilege 5776 taskmgr.exe Token: SeSystemProfilePrivilege 5776 taskmgr.exe Token: SeCreateGlobalPrivilege 5776 taskmgr.exe Token: 33 5776 taskmgr.exe Token: SeIncBasePriorityPrivilege 5776 taskmgr.exe Token: SeDebugPrivilege 7948 Bootstrapper.exe Token: SeDebugPrivilege 8020 BlueStacksInstaller.exe Token: SeDebugPrivilege 4672 tasklist.exe Token: SeRestorePrivilege 5788 7zr.exe Token: 35 5788 7zr.exe Token: SeSecurityPrivilege 5788 7zr.exe Token: SeSecurityPrivilege 5788 7zr.exe Token: SeSecurityPrivilege 5408 BlueStacksServicesSetup.exe Token: SeRestorePrivilege 6244 7zr.exe Token: 35 6244 7zr.exe Token: SeSecurityPrivilege 6244 7zr.exe Token: SeSecurityPrivilege 6244 7zr.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeDebugPrivilege 1140 tasklist.exe Token: SeDebugPrivilege 9496 tasklist.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeDebugPrivilege 2556 tasklist.exe Token: SeDebugPrivilege 5784 tasklist.exe Token: SeRestorePrivilege 3948 7zr.exe Token: 35 3948 7zr.exe Token: SeSecurityPrivilege 3948 7zr.exe Token: SeSecurityPrivilege 3948 7zr.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeRestorePrivilege 6432 7zr.exe Token: 35 6432 7zr.exe Token: SeSecurityPrivilege 6432 7zr.exe Token: SeSecurityPrivilege 6432 7zr.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeDebugPrivilege 1616 tasklist.exe Token: SeDebugPrivilege 3248 tasklist.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeShutdownPrivilege 9076 BlueStacksServices.exe Token: SeCreatePagefilePrivilege 9076 BlueStacksServices.exe Token: SeRestorePrivilege 4988 7zr.exe Token: 35 4988 7zr.exe Token: SeSecurityPrivilege 4988 7zr.exe Token: SeSecurityPrivilege 4988 7zr.exe Token: SeRestorePrivilege 6672 7zr.exe Token: 35 6672 7zr.exe Token: SeSecurityPrivilege 6672 7zr.exe Token: SeSecurityPrivilege 6672 7zr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 5636 BlueStacksInstaller.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 2624 msedge.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe 5776 taskmgr.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 7520 HD-GLCheck.exe 4392 HD-GLCheck.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 6236 BlueStacks X.exe 9900 HD-GLCheck.exe 9200 HD-GLCheck.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2624 wrote to memory of 1876 2624 msedge.exe 85 PID 2624 wrote to memory of 1876 2624 msedge.exe 85 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4524 2624 msedge.exe 86 PID 2624 wrote to memory of 4544 2624 msedge.exe 87 PID 2624 wrote to memory of 4544 2624 msedge.exe 87 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88 PID 2624 wrote to memory of 3004 2624 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://deltaexploits.gg/delta-executor-mobile1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e4f646f8,0x7ff9e4f64708,0x7ff9e4f647182⤵PID:1876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:22⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:82⤵PID:3004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:2932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:2704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵PID:4956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵PID:2324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵PID:2520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵PID:2652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:4780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵PID:4316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵PID:4304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵PID:812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵PID:4780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵PID:456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵PID:744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:12⤵PID:5556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6172 /prefetch:82⤵PID:5776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:5784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:12⤵PID:6100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:82⤵PID:5204
-
-
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5336 -
C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\BlueStacksInstaller.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5636 -
C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe" --cmd checkHypervEnabled4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2012
-
-
C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS8D48F808\HD-CheckCpu.exe" --cmd checkSSE44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5560
-
-
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.580.1019_nxt.exe" -s4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1804 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"5⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:8932 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c green.bat6⤵
- System Location Discovery: System Language Discovery
PID:9016 -
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="BlueStacksWeb"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:9068
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name="Cloud Game"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:9188
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:6668
-
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:4780
-
-
-
-
-
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=3a1a8e4d-40d7-4bcc-8b77-245f2250264d -machineID=91862f82-13aa-42d8-b253-30aa9b2f895a -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.580.1013 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7452 -
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\Bootstrapper.exe" -versionMachineID=3a1a8e4d-40d7-4bcc-8b77-245f2250264d -machineID=91862f82-13aa-42d8-b253-30aa9b2f895a -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.580.1013 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:7948 -
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\BlueStacksInstaller.exe" -versionMachineID="3a1a8e4d-40d7-4bcc-8b77-245f2250264d" -machineID="91862f82-13aa-42d8-b253-30aa9b2f895a" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.580.1013" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=1090a6897bc62913a9546859e77fc4aa -app64=6⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:8020 -
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\" -aoa7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5788
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\" -aoa7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6244
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-ForceGPU.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"7⤵
- Executes dropped EXE
PID:4988
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 1 27⤵
- Executes dropped EXE
PID:10216
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 4 27⤵
- Executes dropped EXE
PID:2284
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 2 27⤵
- Executes dropped EXE
PID:6860
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 1 17⤵
- Executes dropped EXE
PID:6956
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 4 17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7520
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe" 2 17⤵
- Executes dropped EXE
PID:8812
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe" --cmd checkSSE47⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5680
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3948
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6432
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4988
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" x "C:\ProgramData\Pie64_5.21.580.1019.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6672
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\\HD-GLCheck.exe" 27⤵
- Executes dropped EXE
PID:4852
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\\HD-GLCheck.exe" 37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4392
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\\HD-GLCheck.exe" 17⤵
- Executes dropped EXE
PID:5976
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:9256
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:9892
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:6868
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes7⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:6940
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\HD-CheckCpu.exe" --cmd checkSSE37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:10156
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"7⤵PID:7592
-
C:\Windows\system32\sc.exesc.exe delete BlueStacksDrv_nxt8⤵
- Launches sc.exe
PID:7560
-
-
-
C:\Windows\SYSTEM32\reg.exe"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\n1uhlfua.2d0\RegHKLM.txt"7⤵PID:7548
-
-
C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zSC1DD915A\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\n1uhlfua.2d0\*"7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:9876
-
-
-
-
-
-
-
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.580.1013_native_1090a6897bc62913a9546859e77fc4aa_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6032 -
C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\BlueStacksInstaller.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5548 -
C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS0978CE38\HD-CheckCpu.exe" --cmd checkHypervEnabled4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5840
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:12⤵PID:2820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵PID:3032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵PID:1864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵PID:2132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:12⤵PID:5764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:12⤵PID:456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:12⤵PID:5500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:12⤵PID:5784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵PID:6652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵PID:6660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:12⤵PID:9280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:12⤵PID:9288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:9912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵PID:9824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:12⤵PID:5548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵PID:8456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,11079713938680111813,11785029451352339462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:82⤵PID:6652
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4108
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3196
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5776
-
C:\ProgramData\BlueStacksServicesSetup.exe"C:\ProgramData\BlueStacksServicesSetup.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5408 -
C:\Windows\SysWOW64\cmd.execmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"2⤵
- System Location Discovery: System Language Discovery
PID:5820 -
C:\Windows\SysWOW64\tasklist.exetasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"3⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4672
-
-
C:\Windows\SysWOW64\find.exefind "BlueStacksServices.exe"3⤵
- System Location Discovery: System Language Discovery
PID:4804
-
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:9076 -
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
PID:180
-
-
C:\Windows\system32\cscript.execscript.exe2⤵PID:2676
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1924 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:82⤵
- Executes dropped EXE
PID:3900
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices2⤵PID:2112
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices2⤵PID:224
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A2⤵PID:7200
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A2⤵PID:10164
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:7528
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2700 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
PID:7628
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8732
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:9496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8760
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1140
-
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:8840
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"2⤵PID:8852
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6632
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:5784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6640
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2556
-
-
-
C:\Windows\system32\cscript.execscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt2⤵PID:1868
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2532
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6296
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6756
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9104
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8952
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5704
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:10072
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:9712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9356
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7248
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1148
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9976
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6852
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4504
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2240
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:2200
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6392
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6416
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6356
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8812
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:1444
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9244
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:2556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7200
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:9928
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:10012
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:864
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6484
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:9332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6240
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9096
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:7152
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9904
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:528
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5296
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6972
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:10004
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8248
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8216
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8080
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8864
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5720
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6656
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:2420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7788
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5256
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5528
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6380
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6916
-
-
-
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3228 --field-trial-handle=1712,i,11688352143048134405,14577311356548468680,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:22⤵
- Executes dropped EXE
PID:5584
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5836
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8576
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5668
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7688
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9016
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2284
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7504
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9580
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2760
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9280
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9088
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8088
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9748
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:2028
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9940
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:10044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7104
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:10048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1328
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:10076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3612
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:10160
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:10168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5224
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6644
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8804
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6064
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4844
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9804
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7988
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6612
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7892
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:8224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7028
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:9176
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6276
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:8048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8336
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6004
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8168
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6504
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:2600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9368
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:6444
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9320
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:2012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7956
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:3468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6824
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5340
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:10068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7580
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9192
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8756
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:9780
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:3408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9636
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:10116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:10152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:7156
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6044
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7144
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:4756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5080
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:4764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6988
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5488
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:4696
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:3444
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7376
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9472
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:8800
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8944
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6776
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1152
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9152
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:5268
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:4456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3584
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1060
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:5140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:6028
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:5276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1352
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:8084
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4932
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:1960
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6140
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5448
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5132
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8168
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:2952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:8672
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:7564
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:7584
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8516
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:6200
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3152
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵PID:6488
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:4788
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:5276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:2704
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:1724
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2760
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵PID:9088
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6948
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:4088
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:2172
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:1600
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:9292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:5132
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9344
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:3676
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:4976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:8776
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:4816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:9476
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:3136
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:7508
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:6196
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:6940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""2⤵PID:7096
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq BlueStacks X.exe"3⤵
- Enumerates processes with tasklist
PID:9772
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""2⤵PID:10236
-
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq HD-Player.exe"3⤵
- Enumerates processes with tasklist
PID:5268
-
-
-
C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6236 -
C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exeBlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=4192 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6780
-
-
C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exeBlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4332 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7880
-
-
C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exeBlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=7296 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5672
-
-
C:\Program Files (x86)\BlueStacks X\7z.exe"C:\Program Files (x86)\BlueStacks X\7z.exe" x C:/Users/Admin/Downloads/Delta-2.645.665.apk AndroidManifest.xml "-oC:/Users/Admin/AppData/Local/BlueStacks X/cache/ApkParser"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:8776
-
-
C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe"C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5184 -
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx3⤵
- Checks computer location settings
- Executes dropped EXE
PID:6060 -
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.580.1019_amd64_native.exe"4⤵
- Executes dropped EXE
- Checks processor information in registry
PID:6004 -
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\" -aoa5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7048
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\" -aoa5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6176
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-ForceGPU.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"5⤵
- Executes dropped EXE
PID:9580
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 1 25⤵
- Executes dropped EXE
PID:9532
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 4 25⤵
- Executes dropped EXE
PID:3360
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 2 25⤵
- Executes dropped EXE
PID:8016
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 1 15⤵
- Executes dropped EXE
PID:7192
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 4 15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:9900
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe" 2 15⤵
- Executes dropped EXE
PID:5080
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe" --cmd checkSSE45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1944
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:528
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:9060
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7896
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" x "C:\Users\Admin\AppData\Local\BlueStacks X\Pie64_5.21.580.1019.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1984
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\\HD-GLCheck.exe" 25⤵
- Executes dropped EXE
PID:5516
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\\HD-GLCheck.exe" 35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:9200
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-GLCheck.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\\HD-GLCheck.exe" 15⤵
- Executes dropped EXE
PID:4748
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:6620
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:8188
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:9780
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes5⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:4332
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\HD-CheckCpu.exe" --cmd checkSSE35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3196
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"5⤵PID:10144
-
C:\Windows\system32\sc.exesc.exe delete BlueStacksDrv_nxt6⤵
- Launches sc.exe
PID:7056
-
-
-
C:\Windows\SYSTEM32\reg.exe"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\c3avgdso.ivs\RegHKLM.txt"5⤵PID:10132
-
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe"C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\c3avgdso.ivs\*"5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6348
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=bsx_engine_install_instruction&launcher_version=10.41.580.10132⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:9160 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e4f646f8,0x7ff9e4f64708,0x7ff9e4f647183⤵PID:7336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:23⤵PID:8488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:33⤵PID:8480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:83⤵PID:1352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:13⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:13⤵PID:4436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:83⤵PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 /prefetch:83⤵PID:6384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:13⤵PID:7500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:13⤵PID:9804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:13⤵PID:8676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10360453568408091236,17325679629561344879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:13⤵PID:5252
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x310 0x4701⤵PID:2520
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:7876
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6360
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4820
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
PID:5792
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD558534ebb5994eca768b3cc4c32c20099
SHA1f73d3838de33f51e601e81eea906fce54a7ea50d
SHA25635c215dd1adfd497f70175934bb15749f7e867a31857e3d620ce56d32eb5425f
SHA512fc9a3fbe73c0e6912c0b2fb5867882b8e15afd7cd33a487b61eb7ee4bb0a9a4552f14825ae272c841061b8ef9c4e5140f55e26529bd308fde261b9cf31de78b2
-
Filesize
569B
MD5e7fdf6a9c8cae1fc1108dc5a803a1905
SHA12853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA2568ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9
-
Filesize
653B
MD576166804e6ce35e8a0c92917b8abc071
SHA18bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA2561bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA51293c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005
-
Filesize
569B
MD53221ac69d7facd8aa90ffa15aea991b0
SHA1e0571f30f4708ec78addc726a743679ca0f05e45
SHA25692aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA5125e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328
-
Filesize
653B
MD5dfddf8d0788988c3e48fcbfb2a76cd20
SHA1463bb61f0012289e860c32f1885a3a8f57467f2e
SHA2569585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca
-
Filesize
812KB
MD5fbaba140f30a11e5ff4f97d921de6d45
SHA1d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA2564889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5
-
Filesize
34KB
MD508d091faf58df0ea8218d7e08140bbeb
SHA138ebf2763bd2082635a5971c4302021ecaddc0d1
SHA2567e5f6998d34d56aeca87f676c12a42c6c4362ae16a753dc567aae00e253b0817
SHA5125cfede2ea2ade7bbc4b63475af5eb52f78af567fa7096a2ead396056271b8745df4dc6e11e4328151ce59ab74c6c48fd49cd13e30f7f4b86c566757e310fd5e8
-
Filesize
392B
MD5ca0a329097316832e4a6ea5d870c9268
SHA14a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA2564b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA51251f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271
-
Filesize
169KB
MD5caab63a67c57a39f41b30c825116e937
SHA19e7f1265bfd8c4c9afaeb01921cd296d44919a27
SHA256c24ff1b3aa50d3a30077816f1f3e8cf242b0f422d9346dd8c50f29a5fdd75799
SHA512e8c41b6a0856cf3cd8cb279fb74827a80948cbfc855fdf027a84b6341e83a452ec0a6c7c0c179c07a633cc8381c2f276b39c2a8a8f26a85725c4de212d01eefb
-
Filesize
223KB
MD5be43d6a6bd032ed107f41c3d8714fd6a
SHA1d949ad564fe651a130b126eab859c19cc6d20d82
SHA256fad28f000300bff1b4796c03deddd95bb31db6f0d7bcfe970cb0449ff1e4a6ee
SHA51224a2372b8e2fea6b0f63d3f1a35b219ac1292239e7c40f2ede1c2eafd665d9cc7183cd89fe4b7029044438ac086f342ea308a96d431764604d227765f118ae66
-
Filesize
131KB
MD5169706218f98a42594a8c5c5a65771fe
SHA1b8ded94180212578d86a031eb71ef93dcffe1a26
SHA2563803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA5121c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448
-
Filesize
447B
MD5b09525b48c0023f893d6b64d06add4b1
SHA110ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f
-
Filesize
605B
MD52e82bd45c7a8b2e216c27a24d42f12a8
SHA18ff552358b2d77090a54dad0c12c2757af2ec433
SHA256e55ef002466578307998045edd5e10577161efd1cf8f1a71768a8046f4c2ee0d
SHA512d8f44a110bc31d5834b337553baa599c9a127d7335aeddd7e139ba5c7851db006d36ef74d841f10f7fe69e25edffd89a6faea9d3c72eba27bbbade843af440f7
-
Filesize
171B
MD590d5c0e2977d65b21b430f486114521e
SHA1cfb48cef2634d4be33210ba54e5b7c5c197530e4
SHA256aa538477ded33f33e33cb9a21241dacaceaa0c3e5ad8eb1b6830a448262bc998
SHA5129a3f6690a638a69232335b746a4512ed1c623baa984d87cf4127663c4f85e818a4220564c63b764570e2ade8302989482580af7d9032052335d44b9c98d2d37b
-
Filesize
577B
MD547ff3e4cc15b8c4a07e3ceb6cb619b62
SHA10318e54c613b8ff00f54d843e90ef88310c1a96f
SHA2564786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA5120212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e
-
Filesize
480B
MD522efccf38e15df945962ac85ac3aa3b7
SHA1b94a8615dc92982e1637680446896080f97c2564
SHA2560ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA51241a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee
-
Filesize
619B
MD58c11ed64e4cb4e992c891a1685f5e0bd
SHA11b125f8aa3f77ab5e23bcf18ff7fd9efa5232bc5
SHA2564c64d4ad8897d3198cc69c27e54c9ad24aafd70ee2818a4eb3a970f24b7cd535
SHA512c2eee227704f0940bd46db419e42f15ce0dff3b006753c94005ac4c063fe2a2f0f24833a6674e9bbe570adcb425277a78bbbf398d600017e05357f33661d7c7d
-
Filesize
4KB
MD5fcba632049814cf0a7acbca5190f950f
SHA1c4eea394a7915d941a13642875f9b48dd455004e
SHA25685c5c2a28d96e68556f3f70c8dab61b8527a9cf500d82a1b34a54f853985f4b0
SHA51270323aa1a1a3249429b10bb6292a3dff7f69ac787fe33123609ece058cfd75d39cfc382417d8bda0fc63bfc9971cf85b56e706b37e7acba0195ebaeee1f606bf
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
487B
MD5586697ba5eec094d871ebe6013d0810f
SHA12c9f68a1f1298517ffb52bda6322c7d8186824d2
SHA2567f09a727eb068178bd8114fc689114b48697e0829307f3e64357242ebde24da1
SHA512e5f8fe940c47392805987bbd3483203f62dd36385fe94a3c366024fd0f5f2ec53592a7a564bcde2f797a61f0df651e9993f09d6307134ec9180ecb976255c712
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
539B
MD54fc2ba513d0e5a295c3b1bd71443e14f
SHA1c741d2bfe96f3d2ee539cc95704ac96be8222693
SHA256c4fb1ab09b79af550dbc1d71097ecf8b299984141bc7648d12fc3961fbd7b2cd
SHA5122f20ac7f199d3d2d9e7f767e98325474bc20fcb574b73fee4524704b409d8a200771f5c1bd80496228d7eda0416c1ae3c220bf3c5b6930386599571af964b637
-
Filesize
539B
MD57c7f4262b7f37cb8b286b6a8936cf6b4
SHA171879a5be3055a02dbae32c8ae053e8d5a46f1a8
SHA256cf6ec4bde29036b7100486db8146b396ad4624833417cef5b3bbcf6af5dcaddc
SHA512d59a054070c698129e0f79354df7a02ea43dbf23318824ec2490e0277544354054efd5d619b990773b474d3ae8fa565b2648e098f2e5be581e2f2ce04e3df701
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
2KB
MD5d6bc307eab466196baaa15fc6bf46eab
SHA1811bdaf18a0ab583251bc9b4e8f7ffab1e4316fe
SHA2563efc66fa2380e64ce13b78b0656c2315f88d01680a551ac7f7598d79adff6793
SHA512c94053fafd07891142cb54aeff194e1161cc456792758fbc7e8c5c0c513c374ef6e7102df56fd289dd6fde028ec6ddf1d79c12005e77dc015dbd1afbb63be1a8
-
Filesize
745B
MD58f2a14eaa29bcfc64215184d32432a3e
SHA1d517c9d339230a4db33f0f1e961fee689029f723
SHA256eb476b467fb0dff944b012c5ccff5c6e1e48d294b6a8a7e3e0996da901a78bfc
SHA5124e5490eba22b62a7ffd07e16d850b7d23a15c3b4ba9ca33ada0e2b0f204df7bfe85c6608512b224272aca0fb7175029b8b11d476c2244f9415e7b21e487a3371
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
152B
MD5260bcf9fb5b40acb697fcb60d9ee36ec
SHA18b0da5c1c041ec062fc8549de60959b3dbe43a85
SHA256974bfaeea391c21deb0a73e54e749e8c0e4d5340dd0c2229f351aea6e5b3a3e5
SHA51286db0b5ecbbbf2179774cc3dc4e4bac2cca4113136ef6b202bbe05c5a1a56a9805a97f10e343e02440952ea0c0f456a09f14fdba8f507c8bfa31424d02d6b21a
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5222fe16-8a33-4841-9a15-3b814aa37693.tmp
Filesize11KB
MD5a4c56d61834d1d72df059f4cbe5e8fea
SHA1f1b7d699abbeb71f12fb96e3cae92ddc2fd1c86b
SHA256f16e5d7b3d0a92afdae489bdbe13ddebbaa89480ffbe74a3169ae4d8acfa8b5c
SHA5128dedc901b539cef5644583b17456e0a83fbc5c61eee25e1b3443d1bbc660553a75314e6caad0f380f6f2bac30ecb5dd851fee9d3eed9148bf7073df4ed4bd8b6
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5b376138c46cc111800b2ee3aa23ab12c
SHA1ae183d47923cfd379f92912928cb08c8424388b1
SHA2561b0abb7cafcc37971327d974c4ffa5a8dd89ad3598c307efac4fbb99e157e635
SHA5125891fb83bcc389b089f1a51a3768be7e76f169f125635f0ceb6e3077f386c1b8dc5d2d32ab2630f50e55068b978a49791da26aa5af740e6a19868cd4692a494a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5c3b2ebea56f76f39b89c97ad10de1a4a
SHA1ec90711d18273325c3b650f51bd7b25366e141c8
SHA2562eca1e89caa968ed0add7be6af8e55d3a08b9f9830b2b09b3f81b501c9e86661
SHA512ffb59d0507430f6bbe6719acb58727ad707c047f191e06ec35249905f1f9a73700660fd8f081694d105e7670489be88ed777d00c8607fb177f6e9631bb14b097
-
Filesize
11KB
MD5326e8466d78971a47af434f39233d35a
SHA112419f1710a034a39f509e0cc4b62787884ed08d
SHA256cdc0436e7e1a66cd47ab80bbe0fdb5e0c101f19316dd0423102f2af28745e82c
SHA51254c6f6dce9ee59e2de81b74981534063302bcb560bc62e969462b8925093b3a3e4ab59d79a12b9bf343cc0e28b95f72a2d31415abb37649d861ae5cc7a1290a9
-
Filesize
13KB
MD559f917d2f0b25f3ea0aa64d923ca3983
SHA1b23e4719736f60bc19ab79d6bf1766e57ac85c5b
SHA256668c5392ee0bb4da0106a3f0a3607ccff2de14f769a37252a7a61e7cd65e1837
SHA5127f9729af5c583cd02887d459457d0495a9be3e06fe9001a2eafc11ef33feabaab204225a1133111bf851a6e3df6471ee9f1ee6f412e244c05db97c5babb23eba
-
Filesize
11KB
MD55491c0259eb51d6c09e06c3dac81bbfe
SHA1edc54faf691620c60a3374c71f9c92022355cadd
SHA256ddfe77894a252cc5565605ca94be8e2033baf69dbde0f0fac4ee6c2d0e58fc11
SHA512e797ab3567e675fcae92db054fba203941dd531610cd7674bddd593c27553e476a8002ba7b8810f4be6aa04dd5440969cc032d5fd4699ae7b59cec7deec6b78d
-
Filesize
5KB
MD511f2a8283a5cae32013dd6b2c94fcd1b
SHA1727c94a83c45e7a6b77795d7a3cd5c818727ce89
SHA256cda842bbe5eddad0b3623572038b05cf7c571699ce75a357771b2d3d2a81e4a7
SHA512a3af80e373f1f0563482026ea00ac208bc5fd9a19927ed7d2793f00ceae6ec95fe54158e9ac5ba9db1ba71eb1ce08277cfa35252248405ef16b6479158e2ad4f
-
Filesize
13KB
MD5354d1ba6ab40785d63c73a554c916da6
SHA1b5f4d7cbe32654c69ce823d96c3c9f2752365726
SHA256963d5e94600107fdb087122300cd61b3f349b1c82b6910be178a8b86fc3c486b
SHA51205e4b51dbf3cf7e7d930e3164a859e5419d9bf940e162190b0540d9d20d5d28a6a40c84f67af491546fbdc59ec12757d44cb9abe21c855f3da592c8a8a72bdbc
-
Filesize
9KB
MD553c623a8b79e00ea6de70ad88e6c3495
SHA1046307c3326095d025edd7fc547148cfc1c0f748
SHA256a9332aaec5f6e8651adc3adb49ba462373ca3dea4018d12693ac9afa6fea884f
SHA5123c4aae34384b5ed2a78d3e1dad197acf9aae3a349106f0e295d9ccb9e00b079737160d370f2aa0e814c543e5e479dc1718143eb2d2317d4aa556cfe6ed182a8c
-
Filesize
7KB
MD5ffb0d35ad7952efcb48a610a8e4d3c46
SHA116b6428c388ed113c3c70547b71d255469628e7e
SHA256192caeaf239245830b4e118772df4c268baf6721ff839e9e8ce789ada1575035
SHA512459c8b88d541b4eb69de6cdf4f2e1e5cac743153345675de4c7df6ff8d71f9f4b6128979f88af4b58606ebb0aa08010e47cfab4dc844e9dfe0261201bc593c00
-
Filesize
10KB
MD5e05bb0c2714d15ab16721bc8ef4f85b2
SHA1f5f9a471c0d3b848d7502a263aaf957217ca786d
SHA25626217ecf8cf8b7e94239a6106cbb0461299741a6399d3ca974e62ffeabbbbcbc
SHA5125ba07dd26de879853a85536281c3ec01dda8294b72658121947651efe227105a6340be5b2858a6d6dc125f8d091cf94eba033cfaba752363cda8f68f581c2288
-
Filesize
13KB
MD5e64d6f1e2213dfa862a45fd9f1dd52de
SHA1a3b7723acd3c1680b3cf0ff989d0854753b71cdc
SHA25637ae8e8c9b40529fc673cc6f252cf09e4073a014b9715f57786dbbe1e4596a61
SHA51274f1d73d70a6cea49242bd88a3d1a2a57a42ed4ef5914a0cccb7eebbeced1f2a19e2805d6a07634f8b547c12d34167a926585e71c6b9d1131347eec42a7b2b9d
-
Filesize
13KB
MD5a1684050c02eaec471a4bd2d07bd7f40
SHA1f54f65380ace613cd4cd023b5ccfad5fd0386329
SHA256012e193f4aa0c10747c4157cd8d3779f6af35ff289e99158b39d92e24be854e1
SHA5121335dce68ec8ec8332930eaaeaca9dc69e0978473b299505d0190206acfb02bdb1ada345dfd1ce9695fa0c837bacf6d063ebeee6c46f4cff62e6bafa6b87500b
-
Filesize
14KB
MD5c360ad0eb33d2ae2bad73ca67e69cfc9
SHA1ed5dc776cd03fe47d72e81524e49172f1872b48a
SHA2564fb330dbbda6d4fbb8b84a70f505f3a5bcae70cf4c835cf95dcdc3b2c60255ad
SHA51288894670578af8b5a6663abba8ff2287675ef59806c5f8d5a9d9b3a7fc638422f0f78f2184ecfb9221cd54693d5adb5813ada6176924d0ec648224f9df0b1b40
-
Filesize
14KB
MD53fc4f80bcb65e167bc384ac1e83d5cac
SHA10715314deceb7444fe6ce7413bd9db8864849bda
SHA256376cd1b09088bf1dc55276bb1351554ff9cfde8b37b425e4bb128e06ba143105
SHA512e300ea2ada3c0b535a54b62ac2b6cf2119a57ee74ca9bf541e3f53efc5f2ef1f1d58290a4835d4ad9254dad07e3d1d8b8ac0b28765af8942f444c121a013d97d
-
Filesize
13KB
MD538bac64cc5e0892ff2a66ea156a8556f
SHA1a1f95fa5d7f7e7906983cdf8439eb2096f561a3a
SHA256ea2b054fecb7ed167c5d1735c674479cb72475ac7ec256e5e36eeb2874597795
SHA512340c5ae4dbf13bfe5d1c348b900ef54cd8b9a64f3119aa56f3f7807c4e6644e1c7f24434ef5e117e74bad42042542ea16750ca0463f3eced8899b19bc3cc023f
-
Filesize
2KB
MD5432935b33da71a026b6b26e5935488cd
SHA17a1be57b99cd7d34ab2610825cd48f4e25d4800f
SHA25648cc16b8eb5afbd2905956c27f4735db7563deff136c30421fe92c5f38cba8b7
SHA512588d1660a26435c324bc729a8307eb50640fa967f7133d16c3f4111448b688c78fd199f13ee0e510bcbbdbb86629664b97fe1c58c3cfeaafbccbbbca4a1ec4da
-
Filesize
3KB
MD5bfa3dabfa1f077eff30b0928137103ac
SHA10c8a62412c663dbb1aaedd1a63c1cefe83fd5874
SHA256305ebebf872932036ac568080e3caa84e573f1d83a5f90b906183e21f1ca5c32
SHA5124d095c9d253ba99b2395fc6529b352da739b6fecc67dfdb84d06ba1e0981a9a40a9b915984a3ce1c07d238e2fc5d62b501ac0f38970696c8e076ae2376c8f1af
-
Filesize
4KB
MD5126a0a8321c6cf96bdbe7284c99ae194
SHA10090fe5d12ff22a10571091c6fabd5bc733fee50
SHA2562cfdf2f638e50bc0a8b109d6a56a3806b7e5544ce001ded1ca1167e3931cd88f
SHA5121a356ff46d2e81b2b59c0a1ccf597ccc6c4f60873ad146d85e95f78d4015c45e68563741a7771d221c01d7e3ac4cb78072604564d16ffb7eccd9c6e60d10e643
-
Filesize
1KB
MD5e1d878f08350eec97c826ca591d3b09d
SHA13fab4910f6b60667604be44f67017e34ef4182f8
SHA2568bd2dab53892cdf4e5fbb09b1e5ce9d61ea375701dc5f986b55cb9c599a62ca7
SHA51226efdb62e04b85b5d8feb67d37bb07c1d8d9712fe1c99a51053ac78c2757430ced52f8d5bb377380def3c40d2ea06e80d7403c9a4059fb17c8392bba0250832d
-
Filesize
1KB
MD5ee0275b24f41e27edf9b5bad9306b37c
SHA1f86654367f546e1301340bb8a9caf5568f5027d9
SHA25676c44864b9e90f2a8dc7b611cc66adc42d9103e0717cb07fc8fd51579222dd80
SHA5120e33d118ffaa2db82d9a90f1d5ac9df7ebbaa40e58b44d44e31757d6a66804d7bf1f324ea072943f85ec8811f9a07105ff7706736c024e01e10d992a72aed2e7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
10KB
MD57a0d83f380458f321a43ede88ef9a735
SHA1b5ee04e905a59229cff1793c78a8bcf23ec8d781
SHA2568cae0e71b00b127b82b2d6e3d35d1ca36ed1839dc8eb96f03b90f713020efd46
SHA5125903a984d2be75b8ad0f49a0f67b42a03c42381a5b7dff3c26a7314c116a8f9d0fd8373f54818a33e1b858ff791f4b015cafcd19d7927ba14b81322569f36a35
-
Filesize
12KB
MD58a30912b092351a24f3bdc03c5a51132
SHA1891aaad71f350c6d22c3dcf39b9b7913806cb27a
SHA256ad2da4e00c7dba134d0452f89dc92556b212eaa2e4322eed22f0ee7864858fa0
SHA512f452a914dc22dc1b62bd567dbbba62d9c9f2c6c56dcd4beb3783d41685b03f8edc6a09894e01d48a16dab17ae3ad74abbbdc78d3f13d096ce3dbbcc6a01eca68
-
Filesize
11KB
MD54beff4af55bf7737b3edd8f24897ec74
SHA12b0819d6e9bfe7fdc1b6541b7c4ce1f9bd866f4e
SHA256ab0ac910f014fea6a671c5f5ea68d1b44d1de2c1a2cbe63e3860b893f6cb5437
SHA512d0f0046a2947624481f904849e43dd4c06f34b31e970aca5c6cf267b31797f7851f1d90a4d933a2115190724533d01e8a18d302f090b67c8332a2071f2bbf51c
-
Filesize
12KB
MD515b9451473943ec600a9beab50e9d65a
SHA1b7c113153db90a3cfcc7c74b853f920cfa4494c6
SHA256a5ab7714c57796e5f4053bbfe9d41c1ccafee118bd5695e779b8af10cebc538f
SHA51299d8cfeccbde84d65ad9912cf6b6f32bbc71a307bf481859a98723929a30e4c2104539055d97bd294bed635db3b99641df53cde1c48f3418826492742401a194
-
Filesize
11KB
MD5cfd86157efdd4a9d23dd3208d0576d60
SHA11b915c63785aa0825b1ddf36a6f95a73605a12ec
SHA25660d52bdb6ba3d3c44a256eeb1a4c280006484d6b2f4ec137ac556915e0376873
SHA512ddb6763774a7a729997de3c7a2a0a5210e553ac053d8966de5b490fd14344bb76cdaf520f691fe6fbf2c652fa9104c8b4e58a8fad20c9b357c2b05020ffc5c7e
-
Filesize
12KB
MD53b46dbed351d0992ca947e0a7d90c582
SHA1316ee9b6e589cabdd79833c24ed7d72d9cef3b56
SHA256760f622e1a4b09b4feee75a1ff58c2abca643d133866aa75b77e3930073bb6be
SHA512d3ef54e7871adbdaad7e8a8d4893b53fe181a927a7a0c6fbb0bf17b992f93a058cf6b3506ea06b9020b8b1bf248ca82d8e07c964f0b046f287adeef2f240a60c
-
Filesize
12KB
MD583c33a43e36f06ba0b305e101b08456f
SHA11702215c18175c5c39cbdadebade9285d275dfdd
SHA256052d5345628fadd9dc05e032b74538f385e7045facbfe5e8bca3ee48655136e4
SHA5129992ac6b023670f5a08ae98664957d8a2e9245a9db0323c2531194e0fbe44119481b936d1136c8dc7b4be54478237342ecb5249789076eb5cc87e7de3f8110a7
-
Filesize
264KB
MD593ebd5cd43aedbec4b66181fc4a64306
SHA12e73804c68a5a525ffff90e6e0b035e98df797a5
SHA256c64b24ea43279ba9276b894fcad4d11dc035f14204209be223f9f64233216680
SHA51208d4e50b8b79295ab61f50458f0de46917e6b94cdb2fec5a84c748022632cddc69fa9748c868a210fbfe87b7fe4f31a243e7d0ebae7abb983e6206bbf381c66a
-
Filesize
801KB
MD533f277e986149e4b3cb590e052c4904e
SHA100d90936afc6183b612d03a3ec12db2bf4b0c8b0
SHA256a753fb439c724ccfc00a0d5218ba540ed13e287fbaefa55017d2a96c6b616c29
SHA5127aa2f723d3c042d849ac771c190f2c06de532a8f263eb0ba3468f0594a1dd8c58ba545b58a77f611d1c4feb519138dab455dd47dcf483907660089c8f4c82546
-
Filesize
458KB
MD514eaeddcdf2c09f7fb65ded924189684
SHA1479e6d68e8498d841089b6e16b0492a0a54b570b
SHA256a21e6b63ae0beb3e3e83fd0d845736f971375107278028a6c1b4ebad56483552
SHA5128c438ed3313e18edbcc597ec0ca85a48c521f2fc9cc59102d3401f385f0a4cb88c1b31a9427fb6fac494cc55fb7eb52078fdcfe43c678c7d372c06afc4b79639
-
Filesize
100KB
MD5b4d633e92d4dadc8091cdcc8b7984bb6
SHA1af9c0b922f008e209bc7e377170397853882a210
SHA2560c739e65932607d4411ff808910a3a2f5c532e1f59a2030df541dd2430507e57
SHA51282e344a479abd82390fc1fb310a91c27f4283b4946dd0cc30fc171c79d6227187dbdea28c30b29081318c7d57ae664849119d9c8eba1bbb5790b1aa06d3671f5
-
Filesize
799KB
MD5ee7d33a5121214fa88087a979e05eebe
SHA1a4787e83a6c0af326283ff5819ad31249d622331
SHA256b22043158b7dd77575941073c1cca87ca3857d3b848025d9e6d90111b811c7e3
SHA5124e4cbbc9500cd37de0733b446ec7cee54546b5e909d53c380cf86e281975bbe04f614f08fb09d52aab22925d871a77e9d0864c93d9a6444553b1840c8b8ca1c8
-
Filesize
902KB
MD563b327cae6b675a266fdca61c4c8590c
SHA1a64b3fa950fa3af20e26095744657bb5c71b19d0
SHA2562b6d56e6974718c8f1bcadc10491eb17331d79743bc56e75e732db962a4ae476
SHA512d7277df2a9efc5dbb5bff77bc7154cd4d938505efa161b69f76699717aecb8e2d904040bd92e6949d8f0821563c401a4f3a6dccc337050097feb04cc9812ab54
-
Filesize
5.9MB
MD59cea40c72f61eb5bf291954fe13d1cc2
SHA176cbc7df5c107618957c8156bc6045f483e3dfab
SHA256a4ad048100b365f502cf87e05fbd2821c2768e13f1fed884a66c0d1b8077995a
SHA5127e9d6b2a7062e8e1d09b2ee02ad81fd3c121c8092e1550c699040114cd718309365ba503dea38a4dc700c7983329f00b06cca0b0beb42fa38dcec5f8c741826c
-
Filesize
540KB
MD5531913c1b3c5a003e072f2a15f58e1a4
SHA1cfa271e2e30f74d2506d636fe0a8298b1a76a19f
SHA256d44395bd0254733ff245f64953de2637961d3ca828349fa414040ae56f1d3308
SHA5123a4869f9c18c748ed676de4256145246e1ddd4f3d8c6c71c606cc96b320e88c705aa97bc523fb306ec55480332c84e2f92f813ecc9c75ad5b840215c67703228
-
Filesize
121KB
MD55257146586898226daf4dee13145fec7
SHA1a4327cd173ba12fed509d26ef37abdadc232f845
SHA2569c6230b295abc5b8fe049458cda91ed9fec94c6372756ec0021e752fec123862
SHA5121ed0fa8593f76bcfffe0601b219ebff85fbd20e0333a8de3824a83032a1f1da791493c96d3bed9a4acec9d73a5046ddfec3f194a6ef37bc82cd843dcb1feed27
-
Filesize
496KB
MD51f819f619fc841ca7882a07c5b01b7bd
SHA1c8c4795e8b4914a3991a22e38843d85140de164a
SHA256da5b9c5adf8d1d43e40005d3bb37b78aee8eafe8d6b1b38ef958326075a34fce
SHA51281c7ab0e83aa3c02f6a1fa535f5503b60b6778e79984c099b7ca144e2567af13c4e65d9aee26fc7367f039069a1f41f72eaea9acd1fa2c2238cc8cf3cb481ab5
-
Filesize
866B
MD5f1a067104d9bd191b0f3d848a0fa6d64
SHA153b15433f57c61c540c493963aff6a77f9fdff45
SHA256bb9481e3e26069623c4dfaa9cb9c415529d084edd67edda1595854421bfac5ce
SHA51271ec428d3ba43ea5c544f25dea40e58cc3f8605b6a15ea4312427003227637a99e74cb0e8f04a4a95a726026a65c2c02a31c1204db00dfac259298b3cf91b381
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt5Compat\GraphicalEffects\private\qtgraphicaleffectsprivateplugin.dll
Filesize312KB
MD5329586d78bd77e76e91c50602fd2c956
SHA10a9aa198a6b1cb7dae7dc6d9faf8242f4e1acd7f
SHA25619922327ad13710715304f6734ada287f6ca3fcd5921e27d5daa155381d03cb6
SHA512f99747692ca92a1e5df9367d77ff20164e81fd0a3a986868555f935667bcffe290374a4b90c22a0cff6fb4e56e5d30da7a717f1e41d91fd66f94cdae7e9023df
-
Filesize
1KB
MD5dff2761c6a369bb68fb64757f2ce7a1b
SHA11b8f6975a6ace9a806aa332af0f90a92d4cd3b38
SHA256746e523c5ab620100ae9331b0736a7b76013b432982c9aa68c10cf67fba0aa89
SHA512fae63c67b220913fc81f385e9de05f55377eb3bbc1ca3c5d3f51a2aef05532631c1c9d34013eda3a4bd88b98cb86d5e5f78ebde6ed48f0737a16b670daf202c2
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\Qt5Compat\GraphicalEffects\qtgraphicaleffectsplugin.dll
Filesize557KB
MD540a9f3952037a83b01bfed728be9b2de
SHA161c643498ff17937e3e42925733220e88e207551
SHA25634e10130fb528670c01c03c3ab9e1ae7171df0de477211a050e797bf9b0eaf2f
SHA51276d8b87dbb1ef249f9b46ccc57014a8d88b29c9603d2502993c30bfc8d394bfaa4caa2b7e1bc05de28ce65a1e82aa71e3ee493426b929ca1218f0d6cc9e77e66
-
Filesize
6.1MB
MD5b5fdc51aaabe8c0f1b611e003817b3e0
SHA1e856cfb754a1f753c85f10e3e51914b76c916f5c
SHA2568a1af6b5ea341ef0d01573a9005e5c68206cfef6853b5584e8a737c26c9d9ee7
SHA512b9d9973d34087dad86a0b6fdaa0a8ffcb1261c73782459cdd16675001bea9333039e9a75da98c4f2f24891931fd4ce7dfdb090dfe046d47ece6b5ada99368afd
-
Filesize
8.6MB
MD5817b182e009f388672445e69144f8543
SHA1a66cf9f9909bc2c4306dd7a6382965eedebbcde1
SHA256cfce665b7c477ebff815fb27a9b55d0b629183c0cecb5282a87bad666d76daa8
SHA5123e7ac5cf005a11d0d0e23084efce3256a342fa559c393f40bb81ced616898e03ebdf265fbbc855864d402665471010210d6ed12a2688f9fdb4383a0c659043b6
-
Filesize
844KB
MD5bdd2401c24e694769007d290744fa00b
SHA1b1d5b2333a643fa3010fd4d1de8a403f6a42f033
SHA256d65d749813c1778264115ebd03ecccd87628dd1432a03560f13b009330459306
SHA512922ebff563f4c9a2c04526ae9b3d0eb63a4a3e2a60bb3843c08aeded55f6cce4dff247ddb70b44ff31de9c6e49fd9af78cbee45b4b05b2b8e6264fcb86ae134d
-
Filesize
230KB
MD5b5a48a332e16e6728a2d26714c126c49
SHA15f6b55c7a2eb5afe58b5c09185d2ce1eb97e4518
SHA256c87fa93fd57a6fb2f7d10e9c45ec09c9cbe1298ddd5f4d7458ff896e99b17b85
SHA5124a5f92f87c6eeade882d088ef6c46cc93a57786fb740422806e6a603db4dadfc9ddd018829add5c59db40ed86a4d5d25c933d97b712cb2b757a32a7c8771037c
-
Filesize
1.7MB
MD5794760c25a8de30dcb152808dd5b7416
SHA18a4fbca5e2a29e56e5d25db6912a23784fe1a644
SHA256f6702966e341d9a2f1707df5833db984205b3717fb5ce3cd2a37383ac347905d
SHA5127d03a3077644e394aaf0e9ebbb1dcb28c4394139a508006c4134891670541d599216a8fcc1e229debb84ddfd0c2248392510597e2fa1073675e01728a0d8dfd8
-
Filesize
1.9MB
MD57e0773c305ab95833cb14884766fdad1
SHA1566c5942e445e42ccda7766bbb2c7a5ec7219948
SHA2565180dc9d9394d8c4de756d6e97e6f12e4f27639578124236589e08ba837f0d3f
SHA512809599445c48b9fe486ad157891ba0459d446cc268374419f64650dbe2b11d3848d917811115aa11ad613761da9ff556a788a81cb2c5f390cf7150fd2fb75c39
-
Filesize
509KB
MD55918eade11bcca3d515081fa588d8483
SHA1a83686f6612786a3749431a810b90cbbea6e4926
SHA256ed4660c36afabf34e5ac18430c94ef82122e770c28a3f71b88a09fff0cbe7a69
SHA51278167e577f241d0ebf2fdae86bf4d89410c36043ff8bfea7544942d779297434e738db5c8d8f928d13244515d9fbf3535c8e8adbe99d351bb95242cf9cf73bee
-
Filesize
4.9MB
MD5903ee7dcbc454a86d6eb9827ea627966
SHA12fd693ba9ea121e2055f12a966028f2264ce9275
SHA256578afdb3822eac599b48f6e101a35d40744afcbdea8f35bf3c69b57004c8ad51
SHA512042bdd2283578faeee87d8f338e47db5b138e0118de24fb4533c353e8a4c7f5d99c7dd6ff699a8d9da706dfc56e5d712d285e17e2088a0c56b531206cfef03ae
-
Filesize
715KB
MD53d185167828e5b21ba37d2f7a366aa6c
SHA1a865604239a8c960695512e494b6a876ba052720
SHA256846d37da5d81570c08824fccc2a1fa7b10b40dc15bcb2a71b9da553b87680992
SHA5128d41b405fe4c1881b2f6aed9a4d655ed9a3041a92b977ef7e48ab7f27af1e61f6b8c97b48946a15ba7ac3b99ef06186670d42bc9f0f68b7f8e02ae79e0de8f55
-
Filesize
74KB
MD548f041709a6b31471d6eeaa090232d19
SHA1feb934bde6bc8d4042e96b579b7b8a2b01af3679
SHA256c52c62b7feb5491d2d914ae10478f3a0bfa3fb58cb75189932f5dd5ffad31b1a
SHA512efd6169527836c8088d78741b2d813176ffd6050536187323d19e41ec1ee58eaf28ef51412665fab2425709955d046dce370f5d7613c64d2713e81111140482e
-
Filesize
5.5MB
MD559511eaa8c0fcb1af74123efd644e849
SHA13538e0948e97f898745b0abd268ce15c97d00715
SHA2565deee180c5947e3370cbde40ca5151367d8cf48879fdae1d748fb1ee995744f5
SHA512e2373982457febcb021e9eff401df3092d9edad7134e87f2ee6d0717da2df8ca47d7d089279c396502235a9ec4cbe748ac53a6613ee088f1fbd0814e49f63bf0
-
Filesize
93KB
MD5c6a5d1d04232d1f649ecec45b6a3f01b
SHA13a11301f621170b0aada088753f83b1c917edfbd
SHA2563e8892f343a7850884d88935cf67c28a97e186271c34d33dda7e5d0c83ab22ea
SHA51239ca3971179a6b11b1293d473f82cd22f8bbe0819773c96d9c952a42c93cff12e6050eab6b5b8b618c66ee93f72fa0862d271c1318e30c305e1a8cb828a2303a
-
Filesize
1.0MB
MD50efd67dea0c545954384c802b361830a
SHA1fbc6f799b9d048957dd58975a358f0c5706af5bb
SHA256241f93951bd5354b645dc85db5fb4f886e7486f624bf007ba7d233a89e5e4f0e
SHA512ede83a52bcc79014fc752360f2cc72d7c82cc2a4a3daf5764758b5a200c434cedeafa299012b4f47f84a38004f449493010faa7e5dfb734327041d42cdf2e0b7
-
Filesize
60KB
MD58a6e9a37ba9e1b09c20db8e36ceca0b5
SHA1fd2ab3d9e63dfdaaad1c5e0913e8b8988920fbd2
SHA256e584ad5196ba39477c82b53c4494e2634f1d680662366e13e9d196974f4b09d9
SHA512462e37a8d7f49f15c62c495e4bef728603b37e3d521637c04c1f009b55acfeeb9b3f782f43795ead5a280663f086018a2197b665d82bafc275b3617b17e9e1ff
-
Filesize
282KB
MD5cd9c82e899b96d90664d0fdbd3b9b328
SHA1533d7cbd433d88aa815e530c1898d2436c5cf26e
SHA256b1f431714c90b70c990378f4ed8d598f333125803a8f891b5f5d49d62f37045f
SHA512539e7f6ba69be8d86187aca70af18e59104098a7979b2258e6a6b6459d3a40b34c70ea26af524d4961b0de3da6766ec672d36d6f8766b2c17758661e5d448b9b
-
Filesize
156KB
MD58edd41e58cc4203d53ff49d823afef39
SHA138dfd9301113737d4d6fe3444e048d1bf4dd3dc6
SHA256bfb0dc7f2d715f203b19a0a39f16542f00892c7c7d2c9789d878f97b8e646b2d
SHA5125f68ef40292ba9133d43b259fd1441813ec130b935fc6a664a892fda75fadef38cd332b4175dc038ff75e60b4285c4992c0e61f6267e2961a2e0b1dd32045932
-
Filesize
1.7MB
MD51fed3fe9d304c1083e54ea30b383635b
SHA1aad2eb155460089e8d6d3cb00821bac8c5d00e7c
SHA2562560952163e1de8d982e669dd271bde723e32b2c93de6721e3ac6174fee91cbf
SHA5121121193477e8218e9aee2fdbdabf5b43f42f922b2af72143240e013268b6ba1fa4a42bb13099c7ba6e190715854798488706c44158408e2ebabc4c0983f7b099
-
Filesize
48KB
MD50206f58a2b914da1ac21bec6858cd61b
SHA1b0169cdba3e35229d29809e7da759b1fe198707f
SHA256e54f5c10133e2b331c5da0095dbee0b3df4c0f29f2341db9d3878ff5a825209e
SHA51298e390617a5cc898d45ab3cb204a9c9a688158487e1bf55f47f3e492d9a66edc9e47a99d4610c39834b2488d06a8c0edb634a703f0188293eec6094fcb77c9bb
-
Filesize
217KB
MD58a386180bd4c11a96a1ff7b2a9b47320
SHA13a25f58ac2dd640469730045f77a1c8d36349c84
SHA256ba807b732f8b380118a0dcab28aa75c2df3bbbe1952f0b14164430a7d348bf30
SHA5126d0ccec63889f4d7b54aac8ed97e11b5ca2179ddc0174b0fdc111ef670497f349e81e4a5961abd1d4b260ad9cebd25a1ee2c5ad8dde7a9a06192c52152498e4c
-
Filesize
249KB
MD570b3be941970285ab6c5df7da09c7995
SHA19e9cf814123537cd6b4c2c78821d639457172e04
SHA25696c7d04941ce1e2aa053756c24cf770eb21d5d87488d12e0e52ff1aa23f2120b
SHA5126a0094d53fd076e45ab445435590e3c36243517d97e31b054180298d9873d67986554be182e07a4c87f7ec03346c567ee2288e12d0c8bf7f9ffa2bebe21983e5
-
Filesize
1.7MB
MD5ac8c3b6ea0500c236b1f78f7084bfa2e
SHA13d93090b8d5b4023287fad1834413cf9ea838ae8
SHA2569ce15041acffb2a9c2967cfc8144f4353f26b70113ee7e0f12ce582fb6cf4a74
SHA512269d7fabf3dd5819402a0dd7fb2b7ac81abeb775ffaf4995f00acade78cfca81613d89476638c110898e9e1522ef3c2a477f410efc33860ccd6907b27e1dac4a
-
Filesize
806KB
MD5d1996fa4136cd8c2f643a3770ecf5f5c
SHA174cf4b91731a518ee3124ce649884a2757d9c615
SHA256f3e3ae32eddd2290021c4e55ce3b519f2000d20e7e648102a1d0a3976e718e47
SHA512a9f6af09fef0f94fe7cc50a2f98e28a8148d91dbbef081ca73011f8335bc9a746e74d55b7a94d879a10ce7a3cf50e69113a9296d29beb8f5366f5be8c9d788c4
-
Filesize
495KB
MD53b75cf39102e5152a34bab94edf82167
SHA1ff99d035fba6f8e20e7ea5fecaa3435dec919cde
SHA256cc8fefc7bff06fe18e7994039b0943a26b3fed4d5c9b09845e464bad3adf4f66
SHA512ff46d4a54e4b4c7915ee5172dc8e6b176039fc6c180cd49aba2308fd7143f49529f96471d0c7e7a0f9abf101600d4414a765fd0b9b7b80c5698918b1a62cefae
-
Filesize
241KB
MD5e1c366b3a51c734adecc49be9a0142ba
SHA1342d3d3f03f3b56135b0f59a6f2b5191e3900b20
SHA25652653500fd113610125240f5d18b64c5373eb0b75c8fdcb2718eb68ba02acb70
SHA512b84b4e3c1335277f8e94e297ea827cc1ea787a6d4508435b77d7c93aa093ee3aa81b2e6b6b1d87058acca4adbc42b3182e08db5d9ffebc4e683e70cec106dbfb
-
Filesize
60KB
MD5ddfd4bea4e325844d083ca06be370a61
SHA185ac85fce3ed43db9cb8286b74a33e01b4b48b65
SHA256e842737a7a88fd6e7822d85a93a8eb0b7873f09cf1c5ff7bef21b53d2c4dbf41
SHA512e462089d9f01b93efb769bf75dc64fa8fb275aa3a37fe48e1a3d1bdd33a9f7ac9125f8fce538d39ec05f493a673611a69cc126d10e7e55212472d9a7c4c9e37d
-
Filesize
534KB
MD597814a8961992936598f1b7683aca5cb
SHA16644cf3079595f1337116881e9cfcb2ef11c818f
SHA2561585dda7eda1e6cca66d840257b23fc0b25b0f4b448b25c0896de790ec744cb4
SHA512a6c2b88fca842a8aad3b3b1d878f50b90f573830009d0499248f3f1a38a8ceae42978cc106894855eda40708f09a215c77615960d06cdd1da634e280c94ea448
-
Filesize
148KB
MD593c0440d85f375b171fd01c5b43ba85b
SHA1f05aeb8c34aa2269a1622d1748c6702334774fef
SHA256efabaf7879040b2ff01dc1db582f15ad1d28e04684eb67f3907e24c780c4e014
SHA512b9b3c2af9678cd6610317fb7a64fdb2e1607980c515d213efc74851e8580301c9b9520bf6cc8a06d8abf8ceef47f169048dc7cf1bfd31ca268384c21752f4827
-
Filesize
207KB
MD504cc26f549ab23a726f5625d773f659a
SHA166f7b72558335121d676fdb276e3679fe4b5da17
SHA256d955e7ffdf0f3ebae045796a242949f851db07ddfac9cf50df45f601e04b0e57
SHA512b3f8f4012f683444f09e3a7a48586143e3401e5d165c6455af4bebc04c6e01d92bc3255c3dbe3fcfad08f7b55f6badb3216b342854d1870951cb153ea50c5640
-
Filesize
6.3MB
MD5c3241a2e538115dbaddf3a8c283c7966
SHA10833370c511d9e44d6a9fd44eab950a77e6908e1
SHA2566a97350bbfe5518c5e41453062548f493014f8037a70645246549de33e6cfc17
SHA5123ee01be6b0f3f112cf0f64ea3d446bc819f310a9fa23b96e6839d4a4c007a70603a7cf595c25c107f04a65110639b3d617094c1b0d1240dbae9e54ee42e6b148
-
Filesize
152KB
MD58169c439135d3453614e28466d0f3e8b
SHA114cfaba32e6f878e94ac2137852dae5dcc67e3b7
SHA256fd6e3dfc8be003418f40aeedd90aef4296ce39aeac544a3f4c04bc86ba1b06f2
SHA5126d2655020f76412a45adc3b6da7b0c5ea9e15031161f346ebb8b8875dd2356fbe0d66d9ef829292f5fe5bd6fb495e003413b4b6cefdd348188b8cb8892a66a34
-
Filesize
253B
MD5b7d5c74f4485b2550ad065e16252976a
SHA1af8c4cf1a294e7efa6bffb00bf3a66ed9750f18c
SHA2562a0f427a8594e31ed6b3fbc1b2242856976a02131cddd8c59b23858dd3d67cf5
SHA51225581e90656d77023d91e2ec5797b6290e805caec2996ec58be98c618e2284c3657be93f5cc18dfabc6ecf662279a1854be08f888805b217628172ad040c47f7
-
Filesize
32KB
MD5006ce437705bb2b7b296dec8d971fe51
SHA1e0f334a24c8710c044f5752b8d958885a49dbac4
SHA25646af14e6e6873f6c878ee68def05934a30d1ae4328bdf1904cba00d354322c5d
SHA512a0ea63d3bbc4f072449d9a5390f8a4e2394ec927ba390084c786446a72c8ba4cce94f50caa910a2ebca8b70d8ed5148542b08aac746db2f18f2902c4b2ddfcb2
-
Filesize
260B
MD52d775cb02542905e995fd826dda7c026
SHA164ecb2070786b0d83f8f01b4f0fc8b44fe0a191a
SHA256516dd5663b9e122cdbb2d212509724ccbb826b0774b1eb08cb96c5f82fd38ac3
SHA5123b2aa32bac27b3b384a518926d4e26d5655a4434a907b327cecd61a0c25ac5931f81fcc49d16d0b25cfc00f98d346bd269310829c6064a54df2664c60f43b718
-
Filesize
30KB
MD59db78074c4e988c40441b7f318d31a29
SHA1b507f2a12d6698cc4acccc14423f8adcf6da5dae
SHA256e478700ec9dd0f1de166f43eaa408a38b9bc2f8b994a80846649ff934d8c0e07
SHA512917bc4a6f347b81e0b0bab1b6a9782d0a021771b98684cd9f9c2abedf155491006a01e3d56b5265a01ee7aea17965bdcee0ba290dcf92e782937aa816d2b041a
-
Filesize
240B
MD5d23134f3e810ba1311f1526c8e784685
SHA1409d8050b045777b22529a814be8fc7daddda2db
SHA256872dd0ad9c23701f8e551ca98f6b15b1551b3af0d4fafd2ceca61b328d45df60
SHA5123b113ace75caee2268f196aef8c636482b3ec84de6055fccda50eb518bec03f9b4db2f4930177ee3d4e6ac896069a3bf27d596d9c45475428c2fcdb1e3f3afd8
-
Filesize
30KB
MD5852714229daa6a278feb0d01f8e34375
SHA192e768efc89624434a610a7201721e74db49f0b5
SHA256c02b6e8fa0a1b93c50096f56218d38e0d15099c7e1b58ddb31b24951d3e1bcb0
SHA51281152863a5758f73ef72f852e4435d5b147fc130805272a676dfe3fa415eddffeea9193ae70e6834513d0bcf09cf2881bccf18a98404f27bb3b84a1b466d49f9
-
Filesize
305B
MD5d6b02bd0093c8bb00347b387e01be80c
SHA106ad73d6ebf391957932c537f8b933ebc82d1bae
SHA25689daa248ee0544aa92530173d3e969d4c5b05ac2122d836173cc50d069805cc8
SHA5123b0813529bf0b1fa3541798a1c1b8a738f13d0a3f769b0d49aa242aca18b5ba8bd3e3e2746ab7ac0d5cd680d916777814fdda5420bd31bdeed270be8e4428fe7
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\Basic\impl\qtquickcontrols2basicstyleimplplugin.dll
Filesize30KB
MD55bf2a01e2dd7ade5616ca79170a8d23f
SHA1cee7440be25c58c73600a50cb11bb6fac7136a61
SHA256554e784f16b2150058eaf4cd3003c018e980b4fc5cf93ce1e93f3eb14fbb74c9
SHA512e42aea99eb87ea4a2bdd815c95c53b91b80a0df5603d7786e0d9b1c3fb0031a5670574f9360f17c5fe35582118e73595f4a6a5f2b830dcce32a6b8aeeb0329dd
-
Filesize
3KB
MD53329231d19c34ec08997356bd2df27a2
SHA19f7214d9f3b15263ee2fee5568a9940b3b023a06
SHA256142346c196c2b2674fd0f0e7f8c1fa23fb9964bce47c02d5029041d6a9248c69
SHA512ae9a06615a5037a46eaaca120b4ccb176466d8aa0472fefea59dfcd7d83e5d05a1773f941981f41d268d8fafa421cb0f1b21bbb28e3918a3f548603a1a939c67
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Controls\Basic\qtquickcontrols2basicstyleplugin.dll
Filesize31KB
MD5bbe4d4b6f282dcdf020edea17fa11234
SHA1ea871074fb5abff1baa4087f1aaa6409f6a5f10f
SHA2564907a1cd4ad812637b1c5f7359b12f1219c462962eadce8e6f8472fbea628104
SHA51250ad4997a84da6c272c79d3dc820d83438d83512f5c35c8250e319577863903f4a8eb4a2e995b6c3d023c15aa5aa147f8345ebf573dd5083746bc25521a57524
-
Filesize
295B
MD510b88077e9248124cc7eb9a17b5d6906
SHA1a519e508367c7e7002fa17fbf1be61a0c7242e5a
SHA256d968aed9b217c5a95b8a0d3d3f48635302696b9b2f5f7e73ab16e8be6a9fc66b
SHA51290c735b12bccfc14c8583450a7df0e0a8a0d56173e2ffcb377aaedf18e6d9960b5b52ad53494da8a53c69420175b56766a0cca29b096dcd2918c533f7cda5ab6
-
Filesize
30KB
MD542cbd88fe9d6570f24b4b517e5f30694
SHA1f7109c9ca08efbd9040d983b3f7b1f6bb6c4b1d0
SHA2560736118554729f3a01528082c106c0717f92e728dd93b4f9761e7d39b050d64d
SHA5120f6e8f4c1b1d23197608d1a35827665454e3cc439b2ad80c6b358a8238ffbe2128b5196635e2f78f0ffb0302958c1b7a54eb0e8d5309a91c1ba00ad123093101
-
Filesize
598B
MD5a098009511c5c0a59833180919453a5c
SHA190ecb87885d6fd7aa15cafd2c8d67a68c4d43f25
SHA2569fd5547623ce4b95247351517534bc5b4b29d43f36f57b7f3378b24acb58ef0f
SHA51263ce67b9f9285453f5263a6b1ed612b9434c804cd0097ce56ca31448a45ddb7befc592f2901b83e66211b33cea7ea46635d9213277eaeec8bfd683ab65e62c8d
-
Filesize
40KB
MD5603a83e1eb93e0b4e1c7fe1b768fd105
SHA13f5d29c06475ec16b7436a121fc23ecd861f87e8
SHA256932a269dd90d509b03f32abdd2d2008db697f4750df47bc25eb6b02e965f836d
SHA5120f39d3091eb96348222a935f567509c7f5edfda74f7481453386c3e7053405517296d28cd264872fd1a50951d3bd417b4a40df24dfcd425d4077a3a78d4a0080
-
Filesize
273B
MD582ef8bdd05ae26b81ed33e11d06e28d7
SHA118fc845d32c1deca96d97d47a5a6900ab7f99747
SHA2566b547b8e506fd70e034967fa4678368a515dc8e7cdbbdd0fd2b1f263b28fe46c
SHA5124541c30ecd7178dd6c238a99eb3f0a9fa46029e2366ae3eb1ea9684619038832534e5a4b0658973d47597ae7bbd6e344c8cee2d74e1126c2657a6be8048cb393
-
Filesize
30KB
MD53d45a03c422d0604517d735180f32b65
SHA1cdd53042670df5cbd2a94b595553658ce21ab2bd
SHA25600edeaf6b5447c16654d1e8f010d882d909aa2766afe44f4b6e38b260a9928e8
SHA51254e288db318376cbf782890bf46b51160122e69fe4a6a61cd6ca42b614c37ca74d38f85f24717ac78efafb6ee14d844a2240dd94a41597c09875d7d651ee3e6a
-
Filesize
2KB
MD5a732e1b574ca5ab3590b8c6d6de8b2a4
SHA10bfcf7f7af86f82b196446e0542c367f88023f24
SHA256947b7856d7f3ac5e731045d2627973df06744aab3ff392248ef2eda5d42a6279
SHA5129dccaf5a9258c8907d58c0d72c9ba315e32d4878d3d31168a58e3e5c4cad234d34d668f6979d57e9e47bb5c5fbed538f4e4f7009ca3c17f614f7367addbda4b5
-
C:\Users\Admin\AppData\Local\Temp\7zS044F3B5E\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll
Filesize30KB
MD5abfd86b2b24ad23f3aab3edd952ab053
SHA13f82656bff4f357ea40787d43f9610c9e4a2337d
SHA256c5ee749b4f347a1e00b1f912ebf5e4a4e6c34ffcb8877b5db556742b0c46eedb
SHA5129768741702df37fb2bccade5d0118c114cd6440bff1bd7e76801a51c34c86b82e681cb4b195cbfceb4cb2936c81eed0b40b14507084ffbbe653b1e0f68ee27e6
-
Filesize
250B
MD559476cc514bb3c0e6d94b0450fde47bf
SHA1ceddc40c1c97d5f88831e76460afb127b808fdde
SHA256be7bc0d0defd3037fd4493987ade323210f191bad527255eb32d1df15b1b8edf
SHA5123331f35f7c6c6e278192017b73ead6802ff1c394111c82c061120cfc7cffa365c407328a5b31d239f847fd3567ecc2afdb3f005062ab948c504bbbae21a381c9
-
Filesize
30KB
MD5fe46bb3ebb124f1a49f3b057f53fc117
SHA1c0b2d468629ab2f517d8bf91916b3d1361526a2b
SHA2568b25efda99d9978b84c99fb5c63b423ebdbea40061611a835cbfde745e6892f3
SHA51274d428d7737f6d0ff723c92ef680f9807c8b5eafbc472a3ba021217e0d61e74847930c7a46e598b39bd8e792c205988da51b1776076a2be598dfe1d316798863
-
Filesize
207B
MD529545ca5555980969d58494c03e810db
SHA1b56a6150c8d39708e502b53d2c7535438aa02568
SHA256de2dab12c07574207db93315ebf5bd6ec6656d1aa506df756328f73342b2a7f9
SHA5126715f3b9f144ee65cb37cc200c1be14a827cc40b6fbc47e456a5ad04eeb751f69b1cdd8d4c3fb2a5ace30173c2d61b6633958e7b8753a2c6bd9c3d27275941fa
-
Filesize
30KB
MD5cf18f633aff01189246c1a2b257bd8e4
SHA1e782db1781c57ebcae62b01d594ecc81022e6379
SHA2566be600ee9189a6c84e35eae24e91534ee5eecfdae33797e15472c6ffc8ef039c
SHA51278473cc3e4d2cde99759988e47d4387b44a5b34245d59d0b6f2dd9206f96ccf7aa2f06d841c546fcfadf239fe0a6d1cc8d775f74797328bc4bdf2746345b43a5
-
Filesize
237B
MD5d6238b74f2a445964a7f223b96bc6442
SHA1a7fbbe96872ca73d293470ff50f4a0a7278c10a7
SHA25660e185a2a878267d15f2b54f6088e1bcb3c7e66b67ac016b121b9e79b305a9ac
SHA5125cbe2966e26f6ec1227fc36e3baa363fc9997e5e2322100d8f7dcb0faf520d18c210568a7682b85156d5d73c90465c4934e557de08d82a1ca95989eca1257d2e
-
Filesize
31KB
MD5d804c42ee7783da45affec5016be7546
SHA17128d899253257f14829ca2f28fb9b7606f38d15
SHA256e931944d5eb53bd373d2b4dc9e2562951a44e49c40e177670aea7735f3a3497e
SHA5120508477329365f2bc49176d358df4c5718eeab85ccdd74a928e2f8df23eb75203115980c6f3b9ae948cc3b9f3cf434b27784933ba36f89f43cee9ea77cec4a02
-
Filesize
213B
MD594ebe16c3ede17a27d79716cf1b00d3c
SHA134f50446b26c05a86018c2fe587d0cecdeb7db29
SHA256cf518c3574e25f91acaec7ad8831e28c18fccfe15411672ea56809b2eb94077c
SHA512f19b2326600b902bb124a8c5b07d70ac2e6b6f65a02be9bf7f95b7641e9c44ca3faaf3a409b5e47b4203fcd1fa62eb49ca4f09eee0e95c7806428e58971ade6a
-
Filesize
31KB
MD59703533f14281d6ddb3635ab0fac97f7
SHA1bc26999f82b97e56aef84fff6b2adacfeccbfb49
SHA2569aea4a0ab67426a0ca989e62e8a5cd8290cc169fedea5dc6912be3d32144ab0d
SHA5123a4472f522924f3e9a930438e514d034141732d9c0df76961dfc8ff4d8059ddd89fb89ab85bfabd5ce7493b15d3ecd4ee4b61110be4ce9cc011aac1d7612c938
-
Filesize
215B
MD5229c819d9d388357c948f58e96513964
SHA19580844569cb3de2d0f728695d9c83c6713d5c74
SHA256137c386f9b2ba49fb3a3417b55096f6f1bd15a794a98613a862b490a6fe4fa79
SHA51261fb9d95be728ea658b31b137216ca2db2a52ae4523ebac1f7bd7b20fdfde4442b6570b03c7defe9047a96905227cffd0160a6e3f42940e27ad58dbf3b3383ca
-
Filesize
30KB
MD50c90675a28d95f6bb1050b69f6477de4
SHA1bb8518a467430fc41322060361534ae73879f362
SHA256e9f4fa73ea93efa6883c8256f74e4351c7cf808db721e0e1d49d4f5af97cdcac
SHA512c338061443eca85503619b9b9e5397a480ad60b2478cfe3468db360c88d0d5f938fc577e5393d8dd4ae8c40c335000bda9a7fbe9490f112a5ed0d2346be0a605
-
Filesize
205B
MD5e0e05541afe2a4120f98b955aa43f663
SHA18ca6194e64beef2352bd3df18770eb7cc478744a
SHA2560d728adee8ed1308524a8b3e5234781d8207a15dd6c738b74e62246f9679d21d
SHA5120333def621780792272b2c9af8ffab76ada8ebbb4733ecdcc6353cbceea94b83b25c861f424b9d5e37d4d63f198da76f58ed6d77196ba29483aaf1dcee786a71
-
Filesize
28KB
MD542d0cc66b8adffd8db1c44d4c5ebc188
SHA1092487413fe9e4cc7d65b7fa7e7540a4f5761055
SHA25689e99655ed1de0d8daa34f7fd550509f0e64795ddbe4c866c66715adbdec97e0
SHA512fdba365a2dbf7dc34bc67313ead8ed406f98412d87cec2f2c95656861c61e606929c15a834a9d8b8e339b11fb8db2deeec617a82bb4991b3f3cae268ac6b0786
-
Filesize
244B
MD5305905ee8126ed39d5f4b5312aa2c99d
SHA146a27e297e6fc3846f64d23b6b54512c70ebe1cf
SHA2569ce4a1ac66b6a7dc6950b0abf7040117c107aecf0432ede1d015d45a8883bbc3
SHA5122b2c9a56f77f5581ec3758622ae47adf28f790a68da61cb1759af3ba2c6c1906940d2cc9707b2ab4a2b564096dd144eb4eb453a864e36600a7ff8457be13becd
-
Filesize
31KB
MD5fcc2017d74e088cbac65104c90474063
SHA12b4d32cb48be3cad1f2bef4c6786065f5fd0b733
SHA256cdd3e9f9c1dc7cdd1f20b0d932064f69081e84aa32f1061322dd84d4136ffec5
SHA51283a53d4cf8102131e2d400daeebe700da4964d80262848a72070931ed8046f2831f2bf9d37a53917ab36d25a31efc7f96e19a9495735d9985d32dee4a7afbbb0
-
Filesize
197B
MD5b37b47dc81d0ddd5733d3c3df54a0ad4
SHA1de3b51b3fe652e502ee44061552affcbfe6448c7
SHA2564ee99fa9bbf2dc0c4526df9f10c54f7833fb503b508e6b2cccbe573b422128d8
SHA512f3111cffb73bb28dc43afd5cb5ca6ba2ce68620ec363caeb7b86275def0f06236103f2d1753c731166d222918b0fb059b73fd5d6298a1a078b91a5ac038debb9
-
Filesize
73KB
MD56162f3f09fc11878e4850c1c0ca57d06
SHA1c454f1985b65b8ff64ff133c559ed9528c8cbbc1
SHA2560935f9f612bfd0fc905e86535193663cffeee560a8af83433bd67cd7291eed1f
SHA5127b5ffa2d36938585565954b564abcabd15ea3dae56495b199f09d51bd92421e2f5da26e5e99e6a79dc24b5ab73a155fedc147a347aa4eec77a0d88114ae74f73
-
Filesize
230B
MD5e49a668b90132546b4d746fde6428b49
SHA146870297a9a52118a50b846db083215b3233b2a7
SHA256a56a9f3e36f099d7ecdc2d0f12bb1e4bca34f0c9b6218850a8dc676c29280e83
SHA5121da70221873392cf25856a76f2810a0290c4ffd490cae22bc8183a3b165f645a10a2e47eacf373ff34bd1f4ec7d9352fbb814e52bc84c1bb514bc905c39134cf
-
Filesize
285KB
MD55995705b62f1ca954f74b0a59dcc99d5
SHA1342077d1b46d5bba36e4f0333dd7258f55ade651
SHA2568df3e0528be697ca08e5c82cb2e77131bacdc8f2ed9324d14a3ce7fb8d2c7b25
SHA5125d391cfaa898a0501f54b5a6248b111f63950731427944d4d40341e4c0552692e8178297bc31e63fab4106d30099defa50785565eba01e23bee8215b0fe7f493
-
Filesize
12.2MB
MD55c9a91c44c5646c0d7d2ee4cf990cb5f
SHA165c34751b36fab3d4bdf6e79e34d1e9ad50c3291
SHA256639f445c807dfef8a42a5e1bc0b1a19f82fcf2523b46820c60465bd47d8e47a5
SHA51211f227a0431451e15426e5fd34fcdb69096f50d589762e2f17ff834b32f70d5305c5e707eb61efe07740f2f001405c905a7ebaf5b0e91b4b040a8b14062ede3d
-
Filesize
2.4MB
MD5aaf5e285e8e8ed6a6e428b52728ed18e
SHA189794b8e834a617724f24aa18de745f413221045
SHA25617e49a141502a26655cb3adec68c45ea19491e713eea13b1c3c35e458e77cc1d
SHA51267cb2a03ab2740ed4f10955be1c2b7025f5e16e1eff7814fa6176458cc676dc892dc4b6d53ab0ac94be1c6176916f29b49d9dd3e1dd8e08c002d968c90eaf051
-
Filesize
1.1MB
MD5203009102eef773a714cf83515723b4f
SHA17d3a4941e2ccc42e9d313a5ec2f1f7bad65c1a61
SHA256a8da1bcec215e8b002c4f8da2ddbc340d93937c93c480cd30d42b1d506f77a7c
SHA512919b8badcdb3e1a78b5a96ec81dcacdf5cc9b76bca53d27dc7916700cc1e77e416642338d456345a617118bacc6913fa62bfb43c8937048ae346c1d295b5d8b7
-
Filesize
308KB
MD5c4fe3f03efd3188252caa101f954ffeb
SHA198b613aee45c71aed9d2be0d61d7ace323929e9c
SHA25695bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA51280018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a
-
Filesize
4.0MB
MD55faba8b020b313253703b07591d00379
SHA1f5ea546901c3faf60122a4ec2d15a86b916d5d10
SHA256bef3c125122bb459434bb02e763454cc21454257a78e63ceabfb5b347d46efd2
SHA512b23f0df210b25996953e51ceb2304bd85aaed33c41c75ee1577f6d76f37bbd2a2e96be0ba7561270e23b26cf0db2c8ae60567cdf91fbbd2d0577ae88e9ce3939
-
Filesize
47KB
MD5cda2aa5f7792f7f6989fbfb976c76107
SHA16f1f2a75b11689adb68175d2b382e9cdd435d395
SHA2564db6e6109b1771f966deba62abdbb80300fb7d154266a2fa8c77e2fa6d4abcb0
SHA5120068f8ba909533b2d876e80882a0ad10bc8323afdce405fc273b2c8dcae5f34be76bb2c04ed816c136c8dedb513356af0cd92d0cd832b066ef4c26f3149e138e
-
Filesize
554KB
MD585089a44f0a801bf0df3e529d5dfdfe0
SHA19eaf3133ee6e4f504092bb67ab86241b5734cbc7
SHA256ed785d7a87abc60ef8e9df6fb9a68eeea65f354a6959fdaecd325e56182af7de
SHA512f95542b9357a911dcbbade0545f4121847c5bf64fc7fd01592bef7faa97b9a24af0ccb345893d14462a0bc32d139cac84849ce12ff02578f739041ada2001adc
-
Filesize
39KB
MD5b90e88e9952dc0a930895feab50348c0
SHA1768a2797e6d0732faf54ba3994a804374dc9bf98
SHA256f04ec129d462e1bbf3fa4b8fefacab7fdaceafd4a2ecfc50a677e8c85f7238ea
SHA5123d573d87bab03edf59dad9c30381e1f6da140c016967cfec801ae335cd6eb4d8bc169c03602d457974ce1d61667c13973f7c6ff57881c7ef416b20ece7039f15
-
Filesize
29KB
MD5be6ff0ec680921380c04331351a1ca2f
SHA1164a58758bd929d3f61f5193494dc4ea188c34c2
SHA2565e287e7e884504b524dc4610bebe79e013f0bc6f87fe788dd1f5562b70a6dd65
SHA5128603d539b08c32a9777eb5749ea9707a26a025dee72e8b44a34bc7e5270d8d88004a3dc0625986b4814402a3891ce32d815a27c6ec7e0079638a36b68d13890a
-
Filesize
3.2MB
MD535b10fb121ff7c4f85636c4ac075307c
SHA1ced4a1b68ec66eb8bad69651e8d2d7ea63028f8f
SHA2565b0acf994cd091c5c07d707219a33de7d5d9ce2038bf93644a7c3d8d64de48d5
SHA51214fad63bbe5bc296206656b1b6075167d4d86278e2db7afe5ec68144e7896227a07ea07d93e3a5b042deae6089984ab1ff9f38f80c9c9b128787871d13f28d71
-
Filesize
11.5MB
MD58250677840b42fedee69a49687233d2e
SHA10de289ac14cb341075187170f06daa0f01e9f3ea
SHA2565c307c8e60bfe7e8cd71fa64daf6db2044bd0b7162bdb00c28ce0ff87d352d24
SHA512894c51dd238f0b1bac9a90c1f6c40b838b1121857b3832cf391fb994a83328c3a0a23b3af6e969e57d28939ea74bf31e7d3cc534f41ab26edb3991dad89b5856
-
Filesize
54KB
MD51d2a0d23e35b93464bb5b09e5e4c02b2
SHA104d1a1eed3868433c5b7652ecae0fdcd29e1ef39
SHA256a577b5fc4e3a14ae141657c30a38d11ff8593135e51e55485b252eb821d47e75
SHA51218a0db760e4c4d9c4e014cff5ee0f433b298b65fdeca95b8f5f172b9bc534a1c7f64a1b2751b90e89cf76f41ee1ab468415466d2a657905eca9835e41cae264e
-
Filesize
19KB
MD54266e7bb9bfce998083d2f4f938b11c9
SHA123fc9c4c9de9fd3e71941df86e26c4dd44f2a95b
SHA256e1ee6d29e30708ad5812035626bbc1058ea12fd5503d5a79d28c9cb67fab4a14
SHA5125dc1e769f973aec3f0f766ad7c2364a184b9f71c1266f5e5a874c3e63ca7082e9a2c38346d387aa516e2f23acaaf62979434819697b2695644883ce07bbfd867
-
Filesize
465KB
MD5200a2431241ea2b1bebf61d1c242bbf6
SHA180a6e9298c6ce3af44d7f829d5359534979de266
SHA2565b8b003a86e49e3c4d1c750c940c6620fe6d8f0c2cb4e35b01eebf5899c958ff
SHA512b4ce3565d780a8201a7f01f74cc830e577a026d1002f60c9de28a13491160213dc76831a80265539c8148044db92f9e4fa76b77f86fa82d0e84c93a3b09f5cac
-
Filesize
287KB
MD5ecbfa8c49ca2fa398553fb71dbc3f2f0
SHA1c20cf6528683d7d85d2498bdcb99816466b92c33
SHA256d1ac17c7c60869dd6c974a443084e7b5956e8d3d15b36327d9ded665118577cd
SHA5128f1604ea33b8a6363af531a4b8ce4ce8564a4e18e9c796f9a311181ab970aaa8339c286e924671b69b06fddcbd5580f40faa6f63b21e91124694fcf422b929d4
-
Filesize
445B
MD5880dbbc36b6f1d4a6ca9a73419564776
SHA11b4eaca846ca50a9fecb6a741dd19973eee9e557
SHA2560d111e0260b3c11e1dae2b5328bcfd2d1fb21f15f5b49064bd07e272a8bb0822
SHA51219980cae5bd279216d737cdabc9e9980c74f8918234879b9d5fe9aef1e265cf426931e9db798e2582399272258e18dc04d817b0dad6557010d04b6ff7a715322
-
Filesize
890KB
MD5b3c0fdf5e0c90b2b11ea47ac30d00dcb
SHA1f0e77ea6359b825483807c4791cc802afe584839
SHA25682886475a18ea367f9d409946c8d1ad99a6d926e20a40a6e2ff8edbff0dd3b4b
SHA51270815fbdd030c0b174b186bb59ccb2705c4a9d5e04621c24f9c1e6908d0e223e7f5a3284c874ba9c3a34be92779ca3480eb6cfede5f4e2e40fbae59fb00432b0
-
Filesize
10.2MB
MD5e0f1ad85c0933ecce2e003a2c59ae726
SHA1a8539fc5a233558edfa264a34f7af6187c3f0d4f
SHA256f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
SHA512714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28
-
Filesize
2.2MB
MD5f249e5dd0eaf7ffbcc2843fccce85ef2
SHA1ab7449a0d3fc68daa29f2cce08263fc290c4b046
SHA2567e9c3c381c6a1bf31b4fc75c68a9c2f30ca34d9999291ada1d3eaf0b79618d4a
SHA512be88d39e01828788e5a8b8c436cfc73d2863debf7251b92323d2ca3c02a8737d8edf1c70d24b98a9b11388cb3650129ed46e8134ce3b168a8564e37c3c67e215
-
Filesize
145KB
MD5698db9c6537b8d9dec4869a11355af2a
SHA10d2450a12e0b3405ae30b3c7f5ad233fd6cbbef2
SHA256c471280e5c2b50d0089c069954c84b121a70a7c50a2865b061e6c5eda329e634
SHA512deb7faffb6e3c28616e200d10e18707df229a649c9d16e6db8921c3eec7381aeb977e1308dbd07bbf2c2a839b19de25bb6f8a9ba9d094f1243c3aa2d2ebb3f16
-
Filesize
189KB
MD509da93dd890313c6051e3eb31cab562e
SHA1ca4281451381360393c0abac1029aa4c632b5ce1
SHA25670418cc40f2078d59972bfd5d182b1169beceec2a828a5b81cf6e77933adf6f4
SHA512ad00145b99f09ba25ef886ba89e3339c52d09c8080d0d9cf33707f23091e9bc8fde035ba99be291303f727b99cfd798ec3c77644e9ff46c0c6bf64c8d3e91856
-
Filesize
611KB
MD538a09bcf4160f5b345942462b63c1c7e
SHA1c4de02fecac708d94096d6e3e16cfac3472781e0
SHA2563202f8ca18e49da8be573afdfe3ada8b98b351f8c5f1ec08ee92e8f00cd8d9b2
SHA5121dfc511b0b387db1876989d4faa74bdcfde66714af76379bf768f71252874a6743bb803035a137f87c530d120aa180009215e8ce1020dafbc6f531381e891995
-
Filesize
240KB
MD57eeba1942a05fe865cf997fc90430093
SHA1b63c26c162b77f80bff2fad565d07b34c8051310
SHA256baa987629e36f324a77a8922ddbdea7652a3ae8b5eb55a0f03b475facdda8293
SHA512e466a02df89336002f2f2cabdc1b9f208c150702c5e1b1679d5012fa791631b99443e25867940e5d60e812c64874a5fb2847716e6712ea6743b6ff8a36cb8ea6
-
Filesize
694KB
MD560ee6404315f42cfd111ffda6d30a1a4
SHA114aafa75e18202af1a4bf23d526d1738f96c4156
SHA256331c66b7974abbd85639c63e9ebf63c62858d5b1d8a47ba52c7bc10715aeebe0
SHA5128a4d858ef96a9cbe311bda94492d6759460f93751a79dfae826fb6b63748626134b11e3f30a37e19b6fff1567556d6a3f51d22211885bfad433f8a4451d2abea
-
Filesize
102KB
MD55240566cd1d97774f03c319606396659
SHA17715e321e912f413561e0e3e5f6316ba1ea77525
SHA2569039e7af3cc64ff8d653b71f8bf9a90549ef5f35de6beed23cab336f4e3102fc
SHA5124958b92c632253fd18c2816a3dc288285e92a96a265766679881efac284a8c49f9d49ad5596206ec374506e4341a9e10f5d66354fc8120f29375ed0feffcfb2e
-
Filesize
312KB
MD52ce461340c36cefe018d18bcfa0bc943
SHA1f4116728002c0d1e1667af27b359ac0d90fdf356
SHA256d78806f6c92310172e095240b112bc966c60c7a34eaaf3aac8497ba31e6cd95a
SHA512ca0822cec7e6f49a2d9f8ba889fe28d5309de4b6f25da585f1fb4d10420a815d2817f3e39cd82207fbe68e755ee98a9700c6053d5950e3442d865fe0eb487893
-
Filesize
257KB
MD5a79fdae77d68c47599a2501224a1bb1a
SHA111d3bf27e0e54eab9c8cbba8639e37fd6c2cf647
SHA2568a25fc4b8d29ee934fac2a26f85f98b82eaa4eb5b0ea924a98bfe597cbe7cd71
SHA5125c2941da9cbe7973abe90d25b4e5e56a0bf94d67d43c0d5652859f032146461f9db5b0de5580e97abe0de067aa82bf213ae32b98c90ad1ea3cf25d5bef0743b5
-
Filesize
712KB
MD5bc4c700b7c415ad4c92e3bef4ae7c4a8
SHA1345931d353f78872bd3b516e2252acfd72c534da
SHA256ee3bcc0a396a18e14e6ac1b4f2310cd6118c7fa9a317e67e273d5e2b8ca01d6d
SHA512fd0ca4632c6a7c166c226c8f84f3a39448b3e21e7dc1404ba912470eaaafe2c891e435d5b2c3347a7017aa5bf34fb45cb74abaf1bcb8a2a02946681ec49070fc
-
Filesize
776KB
MD53368204e7ff3e30e61651b6872f7a6b7
SHA1ef64940a8b0d955e4f2c441a967166fa55064137
SHA25665266af2212453cc9cab96296a516070375924119ec55754f41c8053af3d8048
SHA5122d0b4948e191a22837ef2dce2db59ccc12aa111ec378de6efa7281e875e98c9c160adb94b4b373e16744b65aad5c85eb1fef0fc7a12d2cb49ddcabdc95dc6d9d
-
Filesize
810KB
MD5fcae54e530f1c0b4cab64328c89e4128
SHA1bc54613a70daac0cb08dc938ba830a3332bf5656
SHA256bb6107701d4184539f914a33634ae0300d0a9e2deae979b88a3ece53605c5179
SHA51200b32d37822a1bb74a8e7fa22157b5034655c4be523df9060961bc81637b554fa78b3033b51253c2be9312e0caf3a0e30d8794d3593e038b24f8adac87f64322
-
Filesize
1.0MB
MD5e5bfbba7a15e8d989257ab6f4cc65550
SHA140726da19598b58271c650311039ab6f7d7f2bb1
SHA2569d9bd667d75539698c1e1febc4f0d9f37accca2cd0813314fde01df8d130a20a
SHA5127b26b407d51d27c73e3337e8430ecd5e53f07293edbd3865774f0cd76efd615d4d699bfce6c05ab3d44ecab6fae13c80359f2ea94a08ffc1d822d10033b82ca3
-
Filesize
492KB
MD5dd10c97f6c8153faec769dec63aeed67
SHA137fff3ede19be23bc01c4d297372ec2a4f4338bf
SHA256beec5dbddc73c0d80faa6677298f002c52dad4991deb5f533da8f07cef775be2
SHA512a387606c54404e2b07db9541d23124a3d8ccdfe6e3f6f27492f5bcaa0fb5be4de59b50b3fb288c5261d02b719e4ec05ec767e53469ae96e6d943a3bf2920f412
-
Filesize
507KB
MD52fa44a92c2e2304f8180f703e2363d2c
SHA173ffa3b6999acba487a76b77e26d52d10a4ff69b
SHA2566e6e158da321c3914399aabad1bb68f43d907e21c5568c182ac12539ed308672
SHA5123377284037652bcd9a7cd1b9397e0c7acf084c42c7ef5170cdd92c8e1eb2005b6cdd818abe6b9f24c1cea2c10531c1571c351f331da42d68320267197b1d21d1
-
Filesize
458KB
MD518300a43e13aa570e0ddad7205e4c528
SHA13a13f35888d22437055347ec0fd8b2e67cfbef28
SHA256dcf563b44cf1bce09dfb017a8e51da2e5653e834e312e7d9c3a868c4b90b5a7e
SHA512a1c4d8333461c723bf6ec51622759f9a7f3a89ffe03f63b3223d296ff99ed926d2836c819b5ac4da2cd33eddb8adcabcd15a18d5c9bf41d399da17c9bc65702d
-
Filesize
489KB
MD5ef63e015c168179a884821c9db90bfe4
SHA12dcab43076d76cd723e6d01e99fc6ac30271eb99
SHA2564fd6c23374b3bb860a705ab343bea2905cda824953cf2729f2da7c86ef314f99
SHA512de21ce56b1f47fb42b671167265b8d493f6d0d27cde4bd97e1fe6d86f26ca07208a864b47b0d1ec7a3b2163447791c986e71fda255b1702f2f0f6bc7f50235f8
-
Filesize
887KB
MD5800026f5d9237f49835886db2c53b295
SHA18a957b90218585fefb8c11a7d7fbc1e0dab02cc1
SHA256b5e5c07f0a8837eee32bdb0954c1bfd5ea48e069a7fb50a97610457bb2d96de8
SHA512c75df40d4e5be9c56fc3c5d1b6a0c2accf08ff714c62091165ff892655fc8dcfa28f3ce5129adc004b270c04fa3f63188f40320f1f235e90cbc720651b730e3d
-
Filesize
399KB
MD51d94e3d6893a9f8e54962482186ede36
SHA1357a64334864a48d72b7d3ac8969c28fab065505
SHA256525d94f828b967070b72e6043e0b9d1c55364b382be1f040b010b90a41b6a815
SHA5123be8fc06e379df5d6389547a2d3ca122f367d8092c00e87089b23fffec60e6a4a8b1edc281bd96fbbaf3ff02b77548259d44edc93d7e5af46b0b32ce78f2efd1
-
Filesize
403KB
MD5f70ea9666c4b2d503da8e0237c46eca8
SHA1f150561cbdfefb7327b9824fa3a291c792a44d26
SHA2562ba506930a8da5c3389d0616ada76630dd7f41d5cb8ee850f2406028f015d3db
SHA512e8e4b03c6b1e5b7c6ae082e372f903bc78f61fac0c2308e7c716b02ff2f8275eace5f541d7ada90b9fc6d33ede29008fdb3e6994fdcbc736a705244d360eab98
-
Filesize
485KB
MD541a4b6343b952185a4fada57ee9fcbc9
SHA1e2475227c6f62da6f8a1467b2035f89d9741a132
SHA256803dd9d993d27ee7ada530046f6933dc5eaf35af1e43cb678b1f82e41375c5a2
SHA51266824110cff65417d12a46ca3d6c42030038dcf1032aa6dc6062323513eb781778851849f84f37dc0225f951be29bc94534a33f74647910bd4ecabe3edfc44c7
-
Filesize
485KB
MD57d3755aa3480aa469e6172b451ebd0d4
SHA1f91b913cd06aac123678ccdaadcbb4f0cca4a5da
SHA25697ed628a013d27736ab03547e5e68e25392e6b47d5b531d4fa8abbf1544a65c6
SHA5128613d17f6234ab5cc96cbf870e63a6622994b10ab4d135255131ee57b1757b1abdcf26678b978faf49175db183300cbb09613eabac82c6691179479c1bf1bf4d
-
Filesize
439KB
MD503aab03a3d067c79b8ad078af1aff9f6
SHA1c5e402fa5b148f09895bfdce750033fe8e5c3e35
SHA2567b301a55543e15c5255db083b7156a5cbb1bd7669c863376651e7c536a0d3c03
SHA5123fbbf675a1b26e92625f30a245b92c80ab5cccbe3559e4d79bb81b6bde33f796e82e128bbfebfd29b324cb6a0718edaf4fc53be28648366288375fe615079538
-
Filesize
722KB
MD54003031412d00fd89eb2700e6be45b66
SHA1e903cacbbcaeecf37773f1491db4be0c727462f9
SHA2569915278c25a19420b400f28859c504e3f82fc8d44046d769e586d6b97deb44c0
SHA5128e72aaa570652d3f95ec5b963a5fb534826c3b32b0ef88627bd099934ec849516bffa43e3e3cd074eefb53f63ae9c1a9fbc9df533da82f62dd099dea63cd10fa
-
Filesize
449KB
MD51fe6aff5d58a2e9078125a3eba51310d
SHA1bcd0b0afa94a51281558abe598ecd6916def3600
SHA25655fcad7f30965e07a749a79d4e304cb8aff79afc367c6870738b8dbe78ae3ced
SHA512f6dcaa2890347f05096de8f70e0c657b6c4c8bb1e428f3ed4d31c942f214949745afd5216c44a7f5cfa875825dd41c683f1156583646eeb1efab570ea3ae1dfa
-
Filesize
509KB
MD53a9fe4cb75cbf95a747e4a98e9a5134b
SHA11a39f169d11ee06ef63c028a7708af81926d7918
SHA256af5917413713e97363a62aef1909cf7a800f031ca68bbf211cb243032a68b461
SHA512bd2da49b2b6425708206aa4607a1c40c4da68847becf59ed9092ccf16a79f967c58428d2bf7b198bec0441358ef05141a56549572e206355a3bec7ddc088038a
-
Filesize
526KB
MD5c63cb62bf919064b0b6326a0e598da50
SHA1b3b09ede4892391fcfe51288e55d9503b8848aa6
SHA2565b88cebd089e9bca4978cb9df076ed06f97fd5f6d496f6a47ef6d42441726566
SHA512dd51706d7150367303dba7c99029d5468ecd1d57abdb28c1688b5937700547e14d707440b12f2040b4120cbd0f4c4dec67e99f175761b58c9f14581aa0e0923c
-
Filesize
1.0MB
MD5e3074b687e6a6deb35bf1400caffb425
SHA15e524e883b510a67e05b1ceb082f3661b5890341
SHA256b558039d718858f3a15ceaf9c2ba5a89282bc5f6f15ede43a1e552fa458114ff
SHA512489d922276ee9e7f42ca0d003caefd97e62abdb712d678d1cb8e8c756be707a1d07ce080201c6957b529c2b7a9eba26e7d0a5ffe7251051721ba1e44160f8fb0
-
Filesize
632KB
MD53d3d2134b30ef1d443e07250229e2678
SHA1fba103c120d78c07f3000ac7709d3681688809a1
SHA2564dad9b698b48ad90553bc3c82ce8faca6e4f8264ec6ac5b9e1bf2cd20f2ecce6
SHA512c806b7f37d87957904c5f0097fa4951874a115f06392857a482ae50af6b19178acf478296a8859d031a71493960e7b807b6a772fac04bf56f88200d93073872a
-
Filesize
1.1MB
MD5248182b1fe577681f70dda64b046e120
SHA13c3f2726be0921121486f5dee10886b74cb37556
SHA256eef6fc72fe85670200ca23656e69804d9d02d9ef3d0c1ccf7d129d71474ef400
SHA51286365716669d960fb67e96e0ab903e1412a7c5387349b49cdbf8d0ebcaf118c0d99c93df0f166089f32aae2d0b5f2c2e34734506f6558c9a8819729abf7f55e8
-
Filesize
490KB
MD5b556be50b983d7d62a8f44dcb24efea5
SHA16c6840dfdf83a69dde3536e8236358c32b6a8535
SHA256155a03a996003ae7cf7ba22894b0fa479f0fc6a04578baf6a888ff1b2e8473fd
SHA5124dbe58000c5fe799be609597078535f321e62210dbfb6ec6e9613dfd569e04b16dc305e5a827c6706acafd250fe5c00eae2f24e9784ec304ff5d0446c194f847
-
Filesize
527KB
MD510f85e5fede463e2486ed890a561bed5
SHA1bd0113b5573d79119fbb15d053da17fdfb4e2d50
SHA2562e6795aac09546926d93180082a3e4ef64b08a18ac513d79493ea8fa168e9cc4
SHA512cac4858b1ba904d893250028afc8a10bd9ffa99c7301efa0448e316585a2a817db1936edfd325c1d6dbca5fa21af0f0a8f4b8ec0c6506df035d8d582688eaf08
-
Filesize
433KB
MD5e1038c2d0ea1eebfd9e25dae192a868d
SHA16be7fe8751880e14ed8322f7d29794a8cdbc7467
SHA2563134fa4e6e3745d206aaff3d8b4fbc289ca29b687ef1d8f16ff22012efb3dfef
SHA5125dba90a2850b2851314620be62cff5d593a048338cd984731eb4d6e5e77d806296c6e1746b5a7c08be19beca1695ff418d5cc9e1b84fcf5dfbce5e7953a6bdd4
-
Filesize
479KB
MD584030ab6437d9279b2e93a4e83ab5d56
SHA17cde75bf29eeeb84c6226983130e7fad0442f777
SHA2566f1cd9d09ec1be6033bcb0c2efba08a961214f1d6d7a9844b88e7d612e7a1860
SHA51286aefece3ac2862144f997ab3e69b9aed98be5ba5e9941baa02600ef63ca7ab9099b6e083f3263d077e4cc014df308ee8231c0268c06ed846f6c59f6f2e6460c
-
Filesize
585KB
MD5286a4d7ee7e011a524e8f4c70592d1ff
SHA1f62452ecbbc5633bca65c6485dbfe9467333c290
SHA25687831c3227dad088afaf94a2dd03dc66fe14aee7c2e031c7b7798ff4b11b30d7
SHA51286bc78f53175372dba41be8ac4867f45e2d962eb3dab5798d9a71a22e450f6876d335fe347d07a86621d1560aa0538aa3c2180452f72076983d57d9db48d4c1c
-
Filesize
1.2MB
MD53638bfec55b3e6146eaacff7edac9976
SHA10aac7b431980d1df51170c2ab5e5e960604364df
SHA25677b514e529b8aba4da86653bbfae0fdf3fc4eee0d84caf40530a23bfa58d790f
SHA512477410a6ab9db7b74e82e5de5101fcdc13a42fa8c9a9437419fbebe66cadb9b57d61930a3938b53135d90527419f30bcb5381997cfddc2cc51f65b121b5d5482
-
Filesize
494KB
MD5bd258202d84cb6cd398c38eb444d7c13
SHA14b03cd62fd99f107dbac2f600130ab070cdd7e64
SHA256d1e47481b8775c11c7b4b42fd73c7fca614e16950581e892ea739def6cc9dcbb
SHA5120a0ea62530b9e8486b8d081057174b0bb6211f5ca4e23f1db4ff7316d252f4c1ab09803c33368b1c068045341d35977b1fd8d6b18efd068928b170d7adfe34c1
-
Filesize
532KB
MD582c786051cc71dac807c37fca436a91e
SHA17c663b0225b90bfb1dac4cc10f950349c0281b89
SHA2560050421881174da761b3177082de0862eeb1f20165169eb057ee74fcbdf95eee
SHA512dc8887aeeb5d2f88f5ff01a2b417c7f8d471ec386adeb848f4af2af32c97152eb9bb50f7c78ee9cc216cf64821f761c2a25367e96eb2064e4ce2d00021c7fa4c
-
Filesize
529KB
MD584509c858c9da5347db91821960af8e8
SHA12e4edff02a0e429a9f4a633cbe3877e5ad7bb38f
SHA256624c7917250b498c2e643421212989b7dfaec944d06a5a0954568f8e9e90b0b2
SHA5129aecf65282432c8b7bdb327f373b715a48438fd1730bec5d2e27270810b5ec880b98d13e8f4a0586a420a42b700feed50abd844fa7e3d655bf9f723bebeb8365
-
Filesize
1.2MB
MD53f2d7238334e87c1dd28508ae42ce499
SHA1f368408c86e61a2fd972876f659247dc4f1a2090
SHA256c182a95c3b75b2bc5795bba0af6badcb2588ba2d84cd68925e75cf5ffc0168da
SHA5125f0ac10d7fa2e6fdb0d9f8fded6f055febb1a3926013e28db108f8f8a8ab8c24216329f1d4b0e8bfea6da9220294cccdddfab810e60253455e99d52ae26bfd44
-
Filesize
1006KB
MD569217e4bad9444e0b36b9dec6d13587a
SHA121d7c31c656add29346bf61cc5f01b99cac4c24a
SHA256ec720a494da509c7f6d6581bf83a7194d20a4da8fd260c4cd5590399506fe89a
SHA5127821f7291cd3fc1fcdd5a92cd189c5238fe2bd0806f58c2e6786b253d4f67924bfa63542511a40d88edc29418fc70db64206edbcaddd5bee0c0978200397123e
-
Filesize
455KB
MD57321194b6267c9cdd0bda30e4203b859
SHA186a4f9299ed0ddcf70b44aa65427a752af2dae35
SHA25647f77f32d6f18d95c15c0e4c04df8ba1a05784c8c671360aaf2db487520ddcf8
SHA5126a831e9afd3d50c698b1e6ddd18f6ec95bd07bb8d3f4d6cfa9a19b65371a430c5c63adb5276f44d3e9a7c2b4e1502f239ee793ee5035f60f57988685a918c110
-
Filesize
442KB
MD5bd58803d4cd991cc7b562da68428867b
SHA1fe36b791388d2a1137ab2377b72272fc8dacec82
SHA25643fbabc2a7b4ab2dddd00fb511aafa241a9905af40409b7c3f54210b6152302f
SHA5126f546f39fd47f81e73bc1de8e105882c91b56d32d6517ac115401f173c4c7202d8db9de72bd131526ab54feb3aa3745d8550c2f993dac211b14ee99d71d4801f
-
Filesize
456KB
MD5a17f9d1ecc10a7da391a2fa71220e123
SHA1025d8fc0ee1eba270973fa2ad2f10701bbd708b9
SHA256bf1b04e7fd896333e4e2ffbc411563d5de30e4c241e3f7e0c60548af1310bc1a
SHA51247079ecc377e85e907ee779a332fe6dd8e66beb39c94dc0643a8b5baa400b97285b42d727ee32efe88fae26ff59e18671974766e9ed9b744bb7df11a3c5e74b9
-
Filesize
510KB
MD51e6a60b03abd6dc4f8c869dbc774b680
SHA1f3d02e9d34dd05bec55fb69846342282b32ab405
SHA256cc4775d2d1a1751cd6ee4de5adc7d4a13b079e7b132898595cb2865e0a57c823
SHA51254c2d9eabc73ca873314336df35e5c38302dcc78da5194b097cf16c0bcf3b64ef4a9bf7230ea7367b23fa9785d1a2b94bbccdaf0f38eb45b3b4226f32be5a2eb
-
Filesize
480KB
MD5fc5c376e32878058c7fb3dd691de3338
SHA14791055d548d678c76fdbdd50c412273cf935630
SHA256e2a95144584d124e754f20c743ea91ed31f96d375bd24df8b0df3c411c6e08b9
SHA512ebd545258e4c4d1448bed9a94c5e0527df06527717b0f19edf83866673705859dcf13c53af8e5151bf50da024128da28f1d697a51ae4fc4293c9d9e55dae3004
-
Filesize
481KB
MD5c21418f325ad1b9d86b7957b41ecbeef
SHA127fef99b33f81f53cbb63c326aa386957db177a8
SHA25698e2b6e8c3e67da3a2069040330461f0a4b6feb05c6d3981d07b748ac191182e
SHA51255c340510d92b938d2c696ed5c73ee3d54e9d931cc97ac2f425a83e4a25b2ebf48aadd8a06fd24902365da3ca2376f36c5339d8fd4c099aa3da8cd150a8328fb
-
Filesize
500KB
MD53f570679307286594588bcad66a13f8c
SHA1dd3d0a1d51ed81e8620b9625ea5d43ad513d58e4
SHA256f916fe52080eaccab979a8b527596e7196acde3aa90b1f836801d9f7b90df1fd
SHA51211eac14c5a26810ecfe9130ddf96732dd567f222499ca4c7a5cc363ba4e29683569e9abf37f4fe695553fece3dd9a97c57a84376340f33ac7b463c03f14a3fa8
-
Filesize
817KB
MD57cde65967d57746972a785d73223a7f0
SHA116bddf07f603fa4281335a9f6c60e543aeefc0de
SHA2562d4583e3bbe119224a4dbd80ece065a978890d294d0bc1f3948a10c33ea7f06d
SHA512c4e9a364bb1b36685d03ee7e5f1e847d99fb875151023c7ab2da446ad5d91bb73fe84622cb46da3b544854cda755912262260b445667da1d018f597f52653bf6
-
Filesize
516KB
MD5097248216acaad35198b979dd2bee4fb
SHA1d8d51024575138afa55217960a623469a7e65cb4
SHA256c7609346fc5d8cf34d3f6e6b5fe4366f6eac06731e14e6453b7820f02c21b635
SHA512777aac33755b874e853f5f2189babd99d0d9408d182e4094f27af26f4d451d8ac3e6efa6892307f90c51df7008394f713d68efd76ef1963b8593c201031b8846
-
Filesize
495KB
MD5790d7c9113c73b8a0274a1b5a43fd7cb
SHA1e1ed463fbd33e0731bd0c27acbe6a72841643e23
SHA256d56f8cc78078bc7904203c078425d7e5ca943509e6ccc87947eb866671e5be7a
SHA512177903a73763eca159cddd45a7b24b01f8a8867d4edc2befcdfbffc69af8191f6f476b8d6ebe0b0ff330343f005478fd375bb083288635c1849bee01ec12edb9
-
Filesize
764KB
MD5ff5e1f8f679fcf45ace4b095d23841d0
SHA1dcb7cc4c3afe6a4c9baee3cf7e2c900f530ce3cc
SHA256b8d0bb2ef02f21acd435e4e969bce77b7b3410263763d2ed76a2fa73120e5e1a
SHA512fd4940cc1e3106eb73b35ce13a63556e5eae05fe03139dad255472d25d37a223f25fac85e5e45b468383edcb174e3d8bd342574b0a55ddd27bb530a1ca614a2d
-
Filesize
444KB
MD5bcaa22655669b60765b38521b21da875
SHA1f34e37dfdb5521ebc332a52baeab8c568722ffc0
SHA2569ba97cf45ed07f4b8b3304c55bade120fd01f6ef0c2d7685765151c40b2b3acb
SHA5129e8d7d7d58ee7ef352d850ec14e22f5017c0059c66d7ae7ac7b3ae26a0c5cb7a11b90318e5cf189e2732928f658868fd5e13596369513ae45926e9dc1c0e8ae0
-
Filesize
469KB
MD5a76199fc5387610c34c10fe432de8ae6
SHA178beef278932682c53755d2ef2ec7bb702920fa5
SHA2568e37295c46adc0afe92ca7f4a1a2ed52a97e14423d11eb05e8a14b543493195b
SHA51268990913627bbe34292b65074f24f399c0172282cb6b55a631b2aac1c2b12109135192f8eec22be5e533ebb25a590a69d91caa4c8bf304a2c26e512515610eb2
-
Filesize
1.2MB
MD5984e4341b5b8077e4d0c76fdfd14785f
SHA12c41c6f0844c8e321120b8bd5808594ca686c03a
SHA2563683217dba2149b98f418cbe50920561c6dc7d702a85dda98efe8981da669585
SHA51229823eb9c37d7c26324536a50fc80ee985995be8f0e59b57794c965f3b06b3e8d1fef6253b9afb4c7b8ad89386ebdeceff5920288b8ff7d5a59e626e4c9ea889
-
Filesize
1.1MB
MD5ca628239fb9568e6badcdb848bf764de
SHA1c2d6324d2605a9e6186cc7e8dd7e341bd08010eb
SHA256294f64705018a555ef7d76f82dfd783fd81d2bcd99d521841be0f2d887e4d3b9
SHA512859d07b604081925f3277d49586af78299313ddda6abe280dcf3f7be4d10a1ac65ab23db61d9babb35850fa48ef27b9aec942b049701cb251bd7c0149dc655f9
-
Filesize
944KB
MD53c92d82202b5169d4de9dcee45708772
SHA14a7025840bcb20955c655528d23d41c155ba8fc3
SHA256719d26daf93fb83bd66e97984cc907a55210e0cb0af3a226bec535451d38fdb7
SHA51294c832de7b33e69ca8606d79ebc6a0b0b37bc61ea5e5be223bd639b9295300a9b1ba2b75860949fa7d452122bdc81f402bb8091035e79d5b2761566432ddeef7
-
Filesize
478KB
MD50b215cb173e45ca6b3c5b117380249c3
SHA154713fc7a589a39fa51b0b724e3b79f6af82846c
SHA256c85fc7d5f699150c5643702e694ba82f94f0e630730441223a214a9d9437242d
SHA5127a62fdc6e19613192d4d80f7e59aacd8250181f92766603eb92320a1b9391781a7ed4f058094ef5b91aa42cb92a802b37bbcce95ffd67f654d9ff690a513a497
-
Filesize
817KB
MD542f48e833a462cacf030bb0a0e9f9439
SHA131f08d6fec67b2c296ebf2dd2193fb8d4ecaf7f4
SHA256dee2afb40fa3b7c6788b6d8e3a775953b9b0589a131841ad9b520f580cf92881
SHA512e24ece15476c9fd77aa84c7139823bce7216fe06e7f8040db94cf46220cbe431dfd634696165950621961bdd045c0365287693b807f54bdfe5f28d56b6365f64
-
Filesize
567KB
MD5844b68e44ccbaac773f36d442e59a339
SHA1915354dc412fd0d2a60f99520462720e7796b6c6
SHA2568b98769b3b97df10ebed4f25a0b115f2e0b059e9adedebb96c444a71e2eadf17
SHA5122107bf5ee8317c7c7e9b279255df376e53eeba56185071168a8246bfc50aa738329b2886711164eacd877c7f0bc0fda7137f766be03e7fd5d3fc3e93f7df60bf
-
Filesize
409KB
MD5917ab791cb4d24be5f369956cd059e21
SHA1433a3aeaa06d6066ed55718564f5980e8c6d3ce8
SHA256331e9240251d1191c599b09230d7ca9f8b11e51e5d94ff8bd63108512c0ddc58
SHA512969f4662eaec6e3788fcc5823446135657b6816cd2419d8a3839acb07bee629d3c9ef69b2bef48856e16975fe31b7ee5d0d390ce4fd121a700d096348500b2fc
-
Filesize
405KB
MD5ba9709f6d6363aa06a4838ac8344e262
SHA13544dd9c7ec8720c3d135b5df32e71f4b1c88983
SHA256b81e24415243f7470f714379363157f2bd7b2d22e203ec5966878ed4b68140d3
SHA5129ceb5e9340a3a38507419972754563823f0b3f808b39e17d78d8a18a171231100ed2bc0c677a75da16237219071996702dd7fb8a6a6dec098e69bdad0b3dbf40
-
Filesize
326KB
MD57ef7eab654df53e087ac4703c9ea0b16
SHA1743dc76d168326b60f09347945fe1342a6effc4c
SHA25613e568fdcde1b7b7f2d1c97a474bdb8858f5ab761157f0fea7201ccecf84b9b8
SHA5120b860f10c03acb3866e82fd6044c29d63a2c6a1d5f6628f3d31f1cd1e44d7144e3660df3446b7a0b76b7811b261675e5aa39fb27efeec060d287fde3e630edd2
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
Filesize
670B
MD526eb04b9e0105a7b121ea9c6601bbf2a
SHA1efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA2567aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA5129df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68
-
Filesize
212B
MD51504b80f2a6f2d3fefc305da54a2a6c2
SHA1432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA2562f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94
-
Filesize
15KB
MD57ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef
-
Filesize
310B
MD557092634754fc26e5515e3ed5ca7d461
SHA13ae4d01db9d6bba535f5292298502193dfc02710
SHA2568e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1
SHA512553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a
-
Filesize
15KB
MD593216b2f9d66d423b3e1311c0573332d
SHA15efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32
-
Filesize
17KB
MD503b17f0b1c067826b0fcc6746cced2cb
SHA1e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA51267c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2
-
Filesize
78KB
MD53478e24ba1dd52c80a0ff0d43828b6b5
SHA1b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA2564c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA5125c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d
-
Filesize
14KB
MD5e33432b5d6dafb8b58f161cf38b8f177
SHA1d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA2569f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf
-
Filesize
113B
MD538b539a1e4229738e5c196eedb4eb225
SHA1f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA5122ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc
-
Filesize
279B
MD503903fd42ed2ee3cb014f0f3b410bcb4
SHA1762a95240607fe8a304867a46bc2d677f494f5c2
SHA256076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA5128b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857
-
Filesize
15KB
MD5b2e7f40179744c74fded932e829cb12a
SHA1a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA2565bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c
-
Filesize
629KB
MD573b3daa696952a00a7f13f9914944434
SHA1161acc05228703462838d28b211d40c05530d999
SHA256bf6ac9756c4443c67b23b6f881fef562b1635b7ea7f5c8095f5837fa1e8f1c9f
SHA512aee071a1dc76bc98e51ebdabdb4824d0e902093ece6547d67384792ed597c96f18e5477c2edb34673ee17e8301d3efc7880b3e838f54b9aad81c264c11fbf5a3
-
Filesize
324B
MD51b456d88546e29f4f007cd0bf1025703
SHA1e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6
-
Filesize
200KB
MD581234fd9895897b8d1f5e6772a1b38d0
SHA180b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA2562e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA5124c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16
-
Filesize
411KB
MD5f5fd966e29f5c359f78cb61a571d1be4
SHA1a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be
-
Filesize
20KB
MD5a1e3293265a273080e68501ffdb9c2fc
SHA1add264c4a560ce5803ca7b19263f8cd3ed6f68f0
SHA2561cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f
SHA512cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece
-
Filesize
80KB
MD5c3e6bab4f92ee40b9453821136878993
SHA194493a6b3dfb3135e5775b7d3be227659856fbc4
SHA256de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6
SHA512a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895
-
Filesize
538B
MD5ce144d2aab3bf213af693d4e18f87a59
SHA1df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA5120f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe
-
Filesize
412B
MD5ea22933e94c7ab813b639627f2b38286
SHA1c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964
-
Filesize
15KB
MD56db7460b73a6641c7621d0a6203a0a90
SHA1d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852
-
Filesize
15KB
MD55ceab43aa527bc146f9453a1586ddf03
SHA188ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA2567c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA5128a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e
-
Filesize
15KB
MD5ced07c9db242115400e159d9a02bb7b7
SHA16f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA2561318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70
-
Filesize
15KB
MD5f3e05f142e742e25a98d4f5af3ae0623
SHA188363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA5125f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a
-
Filesize
1KB
MD5dab2c4538a83422b5deae0e0de9b7a30
SHA178c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA51224cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc
-
Filesize
1KB
MD54aaf83d2b3fd56ad806708e60474df39
SHA1144777a265879b69fadea3eb3ac6939458918578
SHA25684e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA5123b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304
-
Filesize
575B
MD592c2bf222d6ab81fe7a0c072bf31c107
SHA18853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA5126548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7
-
Filesize
112B
MD508fc39a69fa17e0f529915919cea1633
SHA12966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA2562599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805
-
Filesize
112B
MD518fb6465b029206477d0222e8da6fdf9
SHA1b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA25657aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f
-
Filesize
19KB
MD53bb85d2c8cef28c89a2d07adf931e955
SHA1596d13e7742455afce8a534382b28cfd2f6aa185
SHA256b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA5127075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730
-
Filesize
306B
MD5ae2c73ee43d722c327c7fb6fdbee905c
SHA196f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA25628c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA5125a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b
-
Filesize
214B
MD5fc2a0361a751177d3aacdba9c31b2682
SHA10a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA2561a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb
-
Filesize
9KB
MD57a2e5c21140aa8269c2aafd207f5dbaa
SHA14e0d9e7e1b09e67eba10100d73dc51623517821e
SHA2563d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA51263f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde
-
Filesize
15KB
MD5624e84e9b49bc150043aa9fb0eed2822
SHA1f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460
-
Filesize
15KB
MD5b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1012b5879e879fa25bf48e4bb62c35ee829eea571
SHA2562da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA5124369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68
-
Filesize
192B
MD5e50df2a0768f7fc4c3fe8d784564fea3
SHA1d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998
-
Filesize
176B
MD562d7f14c26608f8392537d68f43dece1
SHA1add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4
-
Filesize
153KB
MD5c1bafb46e0073837294968e0e2a1a8be
SHA1a7a03632199e61f51ce317514c52e057d0e300d6
SHA256d7620e5052fb81ecece72ce9fd923430b4eeae0018c140291f6d70ab69d354ea
SHA512b3224390302b23b7b96f405de1dbf8db566afa75b7424959aaa500abaeca0dbb5c17919d808ec5570ab91d6851f0b5eb2f27b6a74828e69d1288ae5a77777d75
-
Filesize
26KB
MD57dc7a16b5e42818c9249db888ca17075
SHA142f6b065b90017078fca7161cc4c26ae530dfbdd
SHA256e696f4f231acef534d62ec9d99a3f4fc7b74a1c1deb3f9bbbeb4e94194bd9747
SHA512f2706e0bb348a691d3cdc9d05ff4f71979804628547a41386aab068b008fe4933b8689500b5e45abf6afa6b6f1db3024ade2846659b2664b37b724fac5416a74
-
Filesize
14KB
MD59fb07e066cc2f213a64d35a97a8c2922
SHA1a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA25665e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA51281680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c
-
Filesize
22KB
MD5defbcf66edf5e18b0b13c8062fdfeff8
SHA18c807de19b131831b72325455f1bcc3ead0a09cb
SHA256a9d87275086fd2d700d588f45c3121eb6a75c64a2e6c4a8714a61032403cdb03
SHA512a30e142679e942932d82fb8179a9f8ca2cd5882577de64e8e4c38eb84c99e359235346c35b6237133159288261b0f6e9032dc6b14f512e2a431f093187e1447a
-
Filesize
22KB
MD5412ce0feb5a656c908775da52043c31d
SHA154a35431dc77d66fde2c828f10372142926b4c47
SHA2567db48c44d717c50011a2fe2d8f5eb0214c817c7eef5bf1f656feb70270a53458
SHA5122209d911c91d21ceb44a8e9375fefa9b5ea55cb800f49f709a7baaa56d52a94f5711fce850d880394f6ae78d23d0e3f1a5727514b970f940d0b670e2e978a997
-
Filesize
23KB
MD52625613573f48fa7eaa813d7fc16b63c
SHA1a57a1cd71dbf2dbabe8bc873839adb2005f54c7b
SHA25608062a8ae430d89af04c9d090506dd6e380490387eb2909f356a47c01540b271
SHA5128a443771fbea7708479412c5d6c336e5e74745e097118712fbecc279277ecc2ff693ddc8e576f91c6b61ff658d7a576cd37c5b084d5116bc9606434fbfc4222b
-
Filesize
20KB
MD57e8631459def09a456900fa9d3cba360
SHA1b5204153e26b303598c473e7e92b01a87818787f
SHA2569620d50148651dc75d3741eb12a8a23fbdeb5efc29f1be24842fc37d01b71f8a
SHA512f813863475538f763733b0668f3b5cd7d4b6f7132c1a9df3b4665907fe6280d6d8c9dd4f6e3e06bfee7f90a2a527f7cd66bd647f08b8203664395f31321cf84b
-
Filesize
21KB
MD5444e991f12d84ad04baf6c8eeccc7a9d
SHA1f4bec5e01161d6f5cc9107f2cba325cc9b0ef325
SHA2564b1f6e0fbc834a783ab8230e678bfd1506ae6c18b0ac0a5bef1d8344b5b2531f
SHA512ff61397322d86f36a225e9be7444c643e2760a556311c97b230583b0b2788208d11f723e500c3d291d55d076b5cb0a52d92b50a8b1fdfe348fd61341b915f855
-
Filesize
25KB
MD5cb5797745966bfbded96d28cf53e2f93
SHA11cdc380338f076c608a4143cb685e4cab2bee916
SHA25625fbeecfbeec0b2a8ad45f8b7da31c4eb6fdbe413f46e75f40cd22d874c8f7c3
SHA512f42ef0a3566f02a4487daf50725c186a0cd8c03850c569eb0cf4134ad2c2004135730ff8f672207bf12837980fe722c4581bb0c6c1eea5dcc9014da5719901b7
-
Filesize
22KB
MD5299768cf839ca0926344233731549181
SHA1773aa661c5bbc1a92a41b2f02e59bf1d78b4b142
SHA256883cf4af6b2124bb70f51d683c7a1f4b3cecccc4ea61163b8c4ea967155ea839
SHA5120de4317aa9139b415d4d10aba7f64cbfe39f0417e2d19dd8e69ada7d0915a81f71be242caebf5e019a2638d6d0457c042493c80ea0d24c2dd43c18bfe76dd2c2
-
Filesize
21KB
MD5c61810a689ad52145f3b644b3e4b01e9
SHA1ee7f7229aeea4a0ec6e18805b69d0ff928afbf87
SHA256c5cdf3696ccd6e3e600483836c81b290e5270984fd7ca12becafedea42cd64e4
SHA51279dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393
-
Filesize
21KB
MD5f7ec10775c6fa5d5ab49531ec7910ed4
SHA19d3b8f8474328725097de234a961b32b2e1dc9ba
SHA256909f5b1bbfd2cc1779dda1bf4f481c1d6ae1e1af3d9902c1518a535962860668
SHA512d7d8ea4c15d54d9e4a2b75e4962ac9b81a316d23803c64c8925ffe6348b200fe21d445c6a0b0bd1a5b0a7e413bd5f5ad8935ee15cc56485886a5f4b29e51963b
-
Filesize
30KB
MD5a7748f70870a0f2cf2e5804d05f433fb
SHA1ee74469bbfa6e5d04043dae2a2cdec1a777c5b28
SHA256f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34
SHA512122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075
-
Filesize
35KB
MD5bfb84603722e804e4697a52285b867b2
SHA15840e5e93319f981dc0f6df4c7d7be23547f6655
SHA25698f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d
SHA512e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5
-
Filesize
21KB
MD52ddee14b7986e234a208189d650a2e4d
SHA1ab60bc9393258e556c7ac20a8d68f632ad44ea6d
SHA256fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd
SHA512116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c
-
Filesize
24KB
MD52ffe813470cfedf7384207e61dabf1df
SHA11673c446a89a41afff299acd0f74b4df65cc29c1
SHA256e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1
SHA5123288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c
-
Filesize
18KB
MD51eee99faa98b0385fd8077acdf53e81e
SHA13191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde
SHA2567d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5
SHA512d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691
-
Filesize
18KB
MD53ab7d825111b89950d8ca4b3da1c00c1
SHA1cdf4ec4344598ca9593665465497d370a35aa178
SHA256dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce
SHA512ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09
-
Filesize
129KB
MD5ab3ad690c38f9d0612646681efe6efbb
SHA134779d1b8be65f5cd40db5b988209971f0fa1805
SHA2569bc49d5e127db360f35c8f61e66f482cd4d00f5feed6e13410562430f1b22065
SHA5128f5a6bba4a78b5ab6fe1a66e7199301dc63cbe737b5f68eec4e1db7875391ca9bced61a04d98be1ca0240445fff72034e14b7969335ea81a1f136dd2ee6e33a2
-
Filesize
12KB
MD536c81676ada53ceb99e06693108d8cce
SHA1d31fa4aebd584238b3edc4768dd5414494610889
SHA256a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA5121300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c
-
Filesize
11KB
MD5959ea64598b9a3e494c00e8fa793be7e
SHA140f284a3b92c2f04b1038def79579d4b3d066ee0
SHA25603cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA5125e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
-
Filesize
3.0MB
MD5d1aafb4ca97f043010b8772acc7fee54
SHA1aa4612976246f1fba951f24929de236c828c7cd7
SHA2567e3933eee407c42b21a578fcbff4131656ea23e3ba80127461539168c2f463fe
SHA512d4f685d5d29a1f930d2244520e9551221f0b035a8eeb25be20b96b59043508380f8ca9c03a012feed1914f76779e13564ac7a8e91d0547aea823c1090077a97e
-
Filesize
24KB
MD52b7007ed0262ca02ef69d8990815cbeb
SHA12eabe4f755213666dbbbde024a5235ddde02b47f
SHA2560b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca
-
Filesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
Filesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
Filesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
Filesize
6KB
MD5ec0504e6b8a11d5aad43b296beeb84b2
SHA191b5ce085130c8c7194d66b2439ec9e1c206497c
SHA2565d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA5123f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
Filesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
493B
MD548835ec9faf50c547b25adfb99cdfd2c
SHA1ec1075ed8fca5a9c48b672345f0aafd4280b6055
SHA256ee4aa05ab4d06c7bf5b6ffa9cb5c5bc2d4be593a0f4030c6f2934f283a6641f4
SHA512a6934ae9d66cc5e6ed6863518b1b18571ec6ac3e72a15b2f99a33505bbe9b8a935207364f4a0f058f0a68d4b5feabf4e662d7466657995a280426a14613833d6
-
Filesize
92B
MD57e629b8fd876f7d8d03a9c441f488bf5
SHA1f84e248d0fb7eea49df5071e2372c0d639746f3b
SHA2560dde7642ad1021f2ed95ad10e508c86313fe6c33c75fc3724870916fbe61f0b1
SHA5128bf0ffb1fb80dadf4d16c6a94f2653bcbce06b9447a1a179ca51e594881afa334ec42ebc8ef89e38ffa7c7d81bec1765921cb211939f36cf5d7a0401056f6b99
-
Filesize
57B
MD5ed2d157a8b231e8fae881d1b37273913
SHA12164d59122893eaabf44ccb667b15cd4d6da66a0
SHA25605621534f2bb6b7006227641827494b581d59cecc2ffe5d1e7c73ddddbc37763
SHA51298440a2cc950d79f2863ae1fbeda7aa00d5f9f5cbc4ce134d0dcba2e3eb7a8e77abfa8e67e424fe3959cdac218fd0950a513430db6dd211dfe6477c7377725e1
-
Filesize
119B
MD5e851b53c89348c496321af2d06926b14
SHA12d253d4ae82a4f38dbfa4d3b6ae352584eb3210a
SHA2561e5e23341e87a2a483d3ab27548e387976b5787d00d89f897362918218d63ed1
SHA5120b1bbe713bc70946db7ebd74a5fe14cb6ccb42e83c04a89ac05bdfc173346cf9ca3454f6f4cc2ecb9cda96da708c34351b9a08ec7e93a9902c7d7896c7e6ddea
-
Filesize
1KB
MD5445eefe93f0feabe16e9b542ad70bd6f
SHA10a72c47793b551d649a0b296e1a3ff66c9bc7578
SHA256e18ea18812232fe04fe3a2728d4940ef9c0863f1b8a741201d16a47aad6fc8cb
SHA512aff690f193eee5db1f94573c90ab6f08161dbab42416138c31e0790fbf5ac11a1c484bab639b3db59449b098b493b77843723b128d73e911bb80a0df4526815f
-
Filesize
1KB
MD58df06597db32592ea1016f722a09b982
SHA1c824d8504e06d4e7d3bb38b17193a460f1918657
SHA256b14cfbe577c2f1ff326438bde9150e847a2cb1398f7cbfdc2c97436be251a879
SHA512f07faa3111657431b28cc919111448e4293f3dc30d0e4b3f21e9e544cf882ecff252ee5f77ebb1fc5cd61be5aa71a363f9d600503a41a322350df557d90f8f09
-
Filesize
913KB
MD58b3199b1bba7cec2f65da8bebb8b4bb0
SHA15cdd79e1e8c037ae205009195170e96054e079b5
SHA25647dace19f7d3bb97dac6d871a321d19b80cf1e1b2cca7bd6aeebc22b45641936
SHA51285108c2addaef1d81abe4d58262bfbbd78e22efda6de6cca73924352b2dd18a3bef74a7ecfd22bd50f238ce5287f30c9a793db52655f2ef9a684de4310c3403f