epsilon | f9cf48c044d90c94f4814a0577cc36a7ba1ac5dbc9652b2e0e498162a042494d

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.exe
Size

72.0MB
MD5

043e915471323e762e76803853cda28e
SHA1

8ec1f578b126764217dc696c82a2e0dab6f3b906
SHA256

3b6c17f5720f2db7a5b695486da9f5d298c35ab9a274a5760f5191d24f3188bd
SHA512

f61d0c6408f0be97519ef8127f5130b28965272c15124a3953a9579bc8e92c79dadbfcc92f5b520a745736a218995be98245654440fd794d4085410eea18bb00
SSDEEP

1572864:FejOS3vf8SEuUfuVpWO9cC4LG8UzK+uxoG+YYfeGn+yn0N:F+HEWp0C4LGnsX+YYR+dN

Score

10^/10

epsilon spyware stealer

Malware Config

Signatures

Epsilon Stealer
Information stealer.
stealer epsilon

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Launcher.exe

Executes dropped EXE 64 IoCs

pid	Process
1772	Launcher.exe
1160	Launcher.exe
2712	Launcher.exe
4340	Launcher.exe
2912	screenCapture_1.3.2.exe
3056	screenCapture_1.3.2.exe
5032	screenCapture_1.3.2.exe
3600	screenCapture_1.3.2.exe
3972	screenCapture_1.3.2.exe
2012	screenCapture_1.3.2.exe
2056	screenCapture_1.3.2.exe
2004	screenCapture_1.3.2.exe
1624	screenCapture_1.3.2.exe
3600	screenCapture_1.3.2.exe
3396	screenCapture_1.3.2.exe
644	screenCapture_1.3.2.exe
4144	screenCapture_1.3.2.exe
1928	screenCapture_1.3.2.exe
4028	screenCapture_1.3.2.exe
5032	screenCapture_1.3.2.exe
3932	screenCapture_1.3.2.exe
4264	screenCapture_1.3.2.exe
1580	screenCapture_1.3.2.exe
2224	screenCapture_1.3.2.exe
5032	screenCapture_1.3.2.exe
2464	screenCapture_1.3.2.exe
644	screenCapture_1.3.2.exe
3172	screenCapture_1.3.2.exe
5092	screenCapture_1.3.2.exe
852	screenCapture_1.3.2.exe
4032	screenCapture_1.3.2.exe
3948	screenCapture_1.3.2.exe
1892	screenCapture_1.3.2.exe
1904	screenCapture_1.3.2.exe
4584	screenCapture_1.3.2.exe
4380	screenCapture_1.3.2.exe
3040	screenCapture_1.3.2.exe
2560	screenCapture_1.3.2.exe
1344	screenCapture_1.3.2.exe
4468	screenCapture_1.3.2.exe
3908	screenCapture_1.3.2.exe
652	screenCapture_1.3.2.exe
4880	screenCapture_1.3.2.exe
4064	screenCapture_1.3.2.exe
3436	screenCapture_1.3.2.exe
3040	screenCapture_1.3.2.exe
4684	screenCapture_1.3.2.exe
2032	screenCapture_1.3.2.exe
1180	screenCapture_1.3.2.exe
3352	screenCapture_1.3.2.exe
3708	screenCapture_1.3.2.exe
4672	screenCapture_1.3.2.exe
3168	screenCapture_1.3.2.exe
4684	screenCapture_1.3.2.exe
3200	screenCapture_1.3.2.exe
4224	screenCapture_1.3.2.exe
3264	screenCapture_1.3.2.exe
4348	screenCapture_1.3.2.exe
1652	screenCapture_1.3.2.exe
4068	screenCapture_1.3.2.exe
4348	screenCapture_1.3.2.exe
4060	screenCapture_1.3.2.exe
4032	screenCapture_1.3.2.exe
3052	screenCapture_1.3.2.exe

Loads dropped DLL 15 IoCs

pid	Process
3808	Launcher.exe
3808	Launcher.exe
3808	Launcher.exe
1772	Launcher.exe
1772	Launcher.exe
1160	Launcher.exe
2712	Launcher.exe
4340	Launcher.exe
1160	Launcher.exe
1160	Launcher.exe
1160	Launcher.exe
1160	Launcher.exe
1772	Launcher.exe
2364	Launcher.exe
2364	Launcher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	ipinfo.io
33	ipinfo.io

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Launcher.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
644	WMIC.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2364	Launcher.exe
2364	Launcher.exe
2364	Launcher.exe
2364	Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3808	Launcher.exe
Token: SeIncreaseQuotaPrivilege	4076	WMIC.exe
Token: SeSecurityPrivilege	4076	WMIC.exe
Token: SeTakeOwnershipPrivilege	4076	WMIC.exe
Token: SeLoadDriverPrivilege	4076	WMIC.exe
Token: SeSystemProfilePrivilege	4076	WMIC.exe
Token: SeSystemtimePrivilege	4076	WMIC.exe
Token: SeProfSingleProcessPrivilege	4076	WMIC.exe
Token: SeIncBasePriorityPrivilege	4076	WMIC.exe
Token: SeCreatePagefilePrivilege	4076	WMIC.exe
Token: SeBackupPrivilege	4076	WMIC.exe
Token: SeRestorePrivilege	4076	WMIC.exe
Token: SeShutdownPrivilege	4076	WMIC.exe
Token: SeDebugPrivilege	4076	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4076	WMIC.exe
Token: SeRemoteShutdownPrivilege	4076	WMIC.exe
Token: SeUndockPrivilege	4076	WMIC.exe
Token: SeManageVolumePrivilege	4076	WMIC.exe
Token: 33	4076	WMIC.exe
Token: 34	4076	WMIC.exe
Token: 35	4076	WMIC.exe
Token: 36	4076	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4076	WMIC.exe
Token: SeSecurityPrivilege	4076	WMIC.exe
Token: SeTakeOwnershipPrivilege	4076	WMIC.exe
Token: SeLoadDriverPrivilege	4076	WMIC.exe
Token: SeSystemProfilePrivilege	4076	WMIC.exe
Token: SeSystemtimePrivilege	4076	WMIC.exe
Token: SeProfSingleProcessPrivilege	4076	WMIC.exe
Token: SeIncBasePriorityPrivilege	4076	WMIC.exe
Token: SeCreatePagefilePrivilege	4076	WMIC.exe
Token: SeBackupPrivilege	4076	WMIC.exe
Token: SeRestorePrivilege	4076	WMIC.exe
Token: SeShutdownPrivilege	4076	WMIC.exe
Token: SeDebugPrivilege	4076	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4076	WMIC.exe
Token: SeRemoteShutdownPrivilege	4076	WMIC.exe
Token: SeUndockPrivilege	4076	WMIC.exe
Token: SeManageVolumePrivilege	4076	WMIC.exe
Token: 33	4076	WMIC.exe
Token: 34	4076	WMIC.exe
Token: 35	4076	WMIC.exe
Token: 36	4076	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3396	WMIC.exe
Token: SeSecurityPrivilege	3396	WMIC.exe
Token: SeTakeOwnershipPrivilege	3396	WMIC.exe
Token: SeLoadDriverPrivilege	3396	WMIC.exe
Token: SeSystemProfilePrivilege	3396	WMIC.exe
Token: SeSystemtimePrivilege	3396	WMIC.exe
Token: SeProfSingleProcessPrivilege	3396	WMIC.exe
Token: SeIncBasePriorityPrivilege	3396	WMIC.exe
Token: SeCreatePagefilePrivilege	3396	WMIC.exe
Token: SeBackupPrivilege	3396	WMIC.exe
Token: SeRestorePrivilege	3396	WMIC.exe
Token: SeShutdownPrivilege	3396	WMIC.exe
Token: SeDebugPrivilege	3396	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3396	WMIC.exe
Token: SeRemoteShutdownPrivilege	3396	WMIC.exe
Token: SeUndockPrivilege	3396	WMIC.exe
Token: SeManageVolumePrivilege	3396	WMIC.exe
Token: 33	3396	WMIC.exe
Token: 34	3396	WMIC.exe
Token: 35	3396	WMIC.exe
Token: 36	3396	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1772	Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 1772	3808	Launcher.exe	93
PID 3808 wrote to memory of 1772	3808	Launcher.exe	93
PID 1772 wrote to memory of 4304	1772	Launcher.exe	472
PID 1772 wrote to memory of 4304	1772	Launcher.exe	472
PID 4304 wrote to memory of 4076	4304	cmd.exe	99
PID 4304 wrote to memory of 4076	4304	cmd.exe	99
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 1160	1772	Launcher.exe	102
PID 1772 wrote to memory of 4340	1772	Launcher.exe	103
PID 1772 wrote to memory of 4340	1772	Launcher.exe	103
PID 1772 wrote to memory of 2712	1772	Launcher.exe	104
PID 1772 wrote to memory of 2712	1772	Launcher.exe	104
PID 1772 wrote to memory of 4440	1772	Launcher.exe	105
PID 1772 wrote to memory of 4440	1772	Launcher.exe	105
PID 1772 wrote to memory of 1220	1772	Launcher.exe	106
PID 1772 wrote to memory of 1220	1772	Launcher.exe	106
PID 1772 wrote to memory of 3756	1772	Launcher.exe	400
PID 1772 wrote to memory of 3756	1772	Launcher.exe	400
PID 4440 wrote to memory of 1436	4440	cmd.exe	130
PID 4440 wrote to memory of 1436	4440	cmd.exe	130
PID 1220 wrote to memory of 1012	1220	cmd.exe	154
PID 1220 wrote to memory of 1012	1220	cmd.exe	154
PID 3756 wrote to memory of 3396	3756	cmd.exe	167
PID 3756 wrote to memory of 3396	3756	cmd.exe	167
PID 1772 wrote to memory of 2012	1772	Launcher.exe	150
PID 1772 wrote to memory of 2012	1772	Launcher.exe	150
PID 2012 wrote to memory of 644	2012	cmd.exe	529
PID 2012 wrote to memory of 644	2012	cmd.exe	529
PID 1772 wrote to memory of 2436	1772	Launcher.exe	117
PID 1772 wrote to memory of 2436	1772	Launcher.exe	117
PID 2436 wrote to memory of 3064	2436	cmd.exe	119
PID 2436 wrote to memory of 3064	2436	cmd.exe	119
PID 3064 wrote to memory of 3148	3064	cmd.exe	123
PID 3064 wrote to memory of 3148	3064	cmd.exe	123
PID 2436 wrote to memory of 3952	2436	cmd.exe	491
PID 2436 wrote to memory of 3952	2436	cmd.exe	491

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
  C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4304
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic CsProduct Get UUID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1940 --field-trial-handle=1944,i,6864516122251220555,3360431642638594644,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1160
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=2364 --field-trial-handle=1944,i,6864516122251220555,3360431642638594644,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2536 --field-trial-handle=1944,i,6864516122251220555,3360431642638594644,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4440
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
      4⤵
      PID:1436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1220
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
      4⤵
      PID:1012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Windows\system32\cmd.exe
      cmd /c chcp 65001
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3064
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:3148
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-rurdxt.d8c5.jpg" "
    3⤵
    PID:2464
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3148
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:3756
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FEF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBFC6939893431D92E76447F3D4CF.TMP"
        5⤵
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-rurdxt.d8c5.jpg"
      4⤵
      Executes dropped EXE
      PID:5032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hmgzsw.uttn.jpg" "
    3⤵
    PID:3952
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:1436
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FEE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1917053FFA904C73A55AE6386C71BA57.TMP"
        5⤵
        
        PID:3972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-132sggk.xcsa.jpg" "
    3⤵
    PID:3224
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:1312
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FFD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8B963AC44E3740B7AB9C9BD3529C1834.TMP"
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-132sggk.xcsa.jpg"
      4⤵
      Executes dropped EXE
      PID:3056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ffu23x.ipzt7.jpg" "
    3⤵
    PID:436
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:3968
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FCF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC7946E4CB927448D1B21FE9ED24A7C96.TMP"
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ffu23x.ipzt7.jpg"
      4⤵
      Executes dropped EXE
      PID:2912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-7u6f4e.c9q7a.jpg" "
    3⤵
    PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-7u6f4e.c9q7a.jpg"
      4⤵
      Executes dropped EXE
      PID:3600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-856zji.i77uk.jpg" "
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-856zji.i77uk.jpg"
      4⤵
      Executes dropped EXE
      PID:3972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-dhc7l0.wgcv.jpg" "
    3⤵
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-dhc7l0.wgcv.jpg"
      4⤵
      Executes dropped EXE
      PID:2012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-18eur6k.q0hd.jpg" "
    3⤵
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-18eur6k.q0hd.jpg"
      4⤵
      Executes dropped EXE
      PID:2056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rzg54d.8366f.jpg" "
    3⤵
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rzg54d.8366f.jpg"
      4⤵
      Executes dropped EXE
      PID:2004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ar42ql.2vzp.jpg" "
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ar42ql.2vzp.jpg"
      4⤵
      Executes dropped EXE
      PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-stjzo4.jmmh.jpg" "
    3⤵
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-stjzo4.jmmh.jpg"
      4⤵
      Executes dropped EXE
      PID:3600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1s3q441.oimq.jpg" "
    3⤵
    PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1s3q441.oimq.jpg"
      4⤵
      Executes dropped EXE
      PID:3396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-tp6r25.yhrw.jpg" "
    3⤵
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-tp6r25.yhrw.jpg"
      4⤵
      Executes dropped EXE
      PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5hmil2.gfudx.jpg" "
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5hmil2.gfudx.jpg"
      4⤵
      Executes dropped EXE
      PID:4144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17bhgp6.q7gd.jpg" "
    3⤵
    PID:3600
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17bhgp6.q7gd.jpg"
      4⤵
      Executes dropped EXE
      PID:1928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-19fulp5.54w3.jpg" "
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-19fulp5.54w3.jpg"
      4⤵
      Executes dropped EXE
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5ly3bs.ur3sp.jpg" "
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5ly3bs.ur3sp.jpg"
      4⤵
      Executes dropped EXE
      PID:5032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1h45jiq.81ck.jpg" "
    3⤵
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1h45jiq.81ck.jpg"
      4⤵
      Executes dropped EXE
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1a2w74r.kvgif.jpg" "
    3⤵
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1a2w74r.kvgif.jpg"
      4⤵
      Executes dropped EXE
      PID:4264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1d7xydt.73bx.jpg" "
    3⤵
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1d7xydt.73bx.jpg"
      4⤵
      Executes dropped EXE
      PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1cnhje9.dh47.jpg" "
    3⤵
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1cnhje9.dh47.jpg"
      4⤵
      Executes dropped EXE
      PID:2224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-93pgfy.w7uc6.jpg" "
    3⤵
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-93pgfy.w7uc6.jpg"
      4⤵
      Executes dropped EXE
      PID:5032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1nobes1.sgt4.jpg" "
    3⤵
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1nobes1.sgt4.jpg"
      4⤵
      Executes dropped EXE
      PID:2464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hf39ld.cq1.jpg" "
    3⤵
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hf39ld.cq1.jpg"
      4⤵
      Executes dropped EXE
      PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ptvrf7.ixom.jpg" "
    3⤵
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ptvrf7.ixom.jpg"
      4⤵
      Executes dropped EXE
      PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1eemg60.ygj4j.jpg" "
    3⤵
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1eemg60.ygj4j.jpg"
      4⤵
      Executes dropped EXE
      PID:5092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-23q6ze.thlq6.jpg" "
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-23q6ze.thlq6.jpg"
      4⤵
      Executes dropped EXE
      PID:852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1sliaie.v1mq.jpg" "
    3⤵
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1sliaie.v1mq.jpg"
      4⤵
      Executes dropped EXE
      PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rq54ie.tgo2.jpg" "
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rq54ie.tgo2.jpg"
      4⤵
      Executes dropped EXE
      PID:3948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1nny20l.x5jo.jpg" "
    3⤵
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1nny20l.x5jo.jpg"
      4⤵
      Executes dropped EXE
      PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9h8l9e.pdy1j.jpg" "
    3⤵
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9h8l9e.pdy1j.jpg"
      4⤵
      Executes dropped EXE
      PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-so8kzb.e3mh8.jpg" "
    3⤵
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-so8kzb.e3mh8.jpg"
      4⤵
      Executes dropped EXE
      PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ne5mnb.ovpz.jpg" "
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ne5mnb.ovpz.jpg"
      4⤵
      Executes dropped EXE
      PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9u1p4f.zoh8.jpg" "
    3⤵
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9u1p4f.zoh8.jpg"
      4⤵
      Executes dropped EXE
      PID:3040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15lbhz6.77eu.jpg" "
    3⤵
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15lbhz6.77eu.jpg"
      4⤵
      Executes dropped EXE
      PID:2560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-piotzv.uzao.jpg" "
    3⤵
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-piotzv.uzao.jpg"
      4⤵
      Executes dropped EXE
      PID:1344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-qb1rmq.mizs.jpg" "
    3⤵
    PID:64
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-qb1rmq.mizs.jpg"
      4⤵
      Executes dropped EXE
      PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-10nqdc3.bp6z.jpg" "
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-10nqdc3.bp6z.jpg"
      4⤵
      Executes dropped EXE
      PID:3908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1iplpog.zhs2.jpg" "
    3⤵
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1iplpog.zhs2.jpg"
      4⤵
      Executes dropped EXE
      PID:652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-z5i5c0.08jf.jpg" "
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-z5i5c0.08jf.jpg"
      4⤵
      Executes dropped EXE
      PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1yueumi.laat.jpg" "
    3⤵
    PID:1180
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1yueumi.laat.jpg"
      4⤵
      Executes dropped EXE
      PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-7wgezo.5jx1u.jpg" "
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-7wgezo.5jx1u.jpg"
      4⤵
      Executes dropped EXE
      PID:3436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16ne3an.w107.jpg" "
    3⤵
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16ne3an.w107.jpg"
      4⤵
      Executes dropped EXE
      PID:3040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-phdeil.7olt.jpg" "
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-phdeil.7olt.jpg"
      4⤵
      Executes dropped EXE
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tbtff7.5jt.jpg" "
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tbtff7.5jt.jpg"
      4⤵
      Executes dropped EXE
      PID:2032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fvk4d1.n8ei.jpg" "
    3⤵
    PID:4872
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fvk4d1.n8ei.jpg"
      4⤵
      Executes dropped EXE
      PID:1180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-10xmnje.72l6j.jpg" "
    3⤵
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-10xmnje.72l6j.jpg"
      4⤵
      Executes dropped EXE
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-xxawzw.da7c.jpg" "
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-xxawzw.da7c.jpg"
      4⤵
      Executes dropped EXE
      PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1vbjy1o.y2yr.jpg" "
    3⤵
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1vbjy1o.y2yr.jpg"
      4⤵
      Executes dropped EXE
      PID:4672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1bt26h6.bj85.jpg" "
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1bt26h6.bj85.jpg"
      4⤵
      Executes dropped EXE
      PID:3168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ox6r67.gxim.jpg" "
    3⤵
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ox6r67.gxim.jpg"
      4⤵
      Executes dropped EXE
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1nzmkgr.ayt2.jpg" "
    3⤵
    PID:2336
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1nzmkgr.ayt2.jpg"
      4⤵
      Executes dropped EXE
      PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1g8nzyq.djegg.jpg" "
    3⤵
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1g8nzyq.djegg.jpg"
      4⤵
      Executes dropped EXE
      PID:4224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-x71aug.mpwq.jpg" "
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-x71aug.mpwq.jpg"
      4⤵
      Executes dropped EXE
      PID:3264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-8w0ouw.uvrhw.jpg" "
    3⤵
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-8w0ouw.uvrhw.jpg"
      4⤵
      Executes dropped EXE
      PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-b3a28x.nm4vh.jpg" "
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-b3a28x.nm4vh.jpg"
      4⤵
      Executes dropped EXE
      PID:1652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1d4cuwe.y7u2.jpg" "
    3⤵
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1d4cuwe.y7u2.jpg"
      4⤵
      Executes dropped EXE
      PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16f709p.5mugi.jpg" "
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16f709p.5mugi.jpg"
      4⤵
      Executes dropped EXE
      PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-auzi1q.kqv64.jpg" "
    3⤵
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-auzi1q.kqv64.jpg"
      4⤵
      Executes dropped EXE
      PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-djctgf.3259t.jpg" "
    3⤵
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-djctgf.3259t.jpg"
      4⤵
      Executes dropped EXE
      PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ah5ba9.uyg2.jpg" "
    3⤵
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ah5ba9.uyg2.jpg"
      4⤵
      Executes dropped EXE
      PID:3052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-11mnjtu.nscgk.jpg" "
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-11mnjtu.nscgk.jpg"
      4⤵
      PID:948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-uwbeyp.z4a5.jpg" "
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-uwbeyp.z4a5.jpg"
      4⤵
      PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-c4cic9.lxqgs.jpg" "
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-c4cic9.lxqgs.jpg"
      4⤵
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1c2hyac.kyo1.jpg" "
    3⤵
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1c2hyac.kyo1.jpg"
      4⤵
      PID:2556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-558561.7idn8.jpg" "
    3⤵
    PID:788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-558561.7idn8.jpg"
      4⤵
      PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16l8t3i.l1j6.jpg" "
    3⤵
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16l8t3i.l1j6.jpg"
      4⤵
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-oiuu20.6dcx.jpg" "
    3⤵
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-oiuu20.6dcx.jpg"
      4⤵
      PID:4672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-o92jot.yg8w.jpg" "
    3⤵
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-o92jot.yg8w.jpg"
      4⤵
      PID:788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9zw313.0tbgg.jpg" "
    3⤵
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9zw313.0tbgg.jpg"
      4⤵
      PID:2512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14iltb.uype7.jpg" "
    3⤵
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14iltb.uype7.jpg"
      4⤵
      PID:4176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rqgr1.tfaas.jpg" "
    3⤵
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rqgr1.tfaas.jpg"
      4⤵
      PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-2ot9r2.g8pip.jpg" "
    3⤵
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-2ot9r2.g8pip.jpg"
      4⤵
      PID:4488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1pjxd0r.488t.jpg" "
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1pjxd0r.488t.jpg"
      4⤵
      PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-pfjcio.m46lf.jpg" "
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-pfjcio.m46lf.jpg"
      4⤵
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wiuhnm.2kv4.jpg" "
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wiuhnm.2kv4.jpg"
      4⤵
      PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-nc8cmr.i7m8.jpg" "
    3⤵
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-nc8cmr.i7m8.jpg"
      4⤵
      PID:228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1shlxna.1bhu.jpg" "
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1shlxna.1bhu.jpg"
      4⤵
      PID:3224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-kue773.uwi7.jpg" "
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-kue773.uwi7.jpg"
      4⤵
      PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-yobtts.2zh4b.jpg" "
    3⤵
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-yobtts.2zh4b.jpg"
      4⤵
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-6jv135.yg5id.jpg" "
    3⤵
    PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-6jv135.yg5id.jpg"
      4⤵
      PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-gg1lsx.997ma.jpg" "
    3⤵
    PID:3492
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-gg1lsx.997ma.jpg"
      4⤵
      PID:4172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14quso1.wvxy.jpg" "
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14quso1.wvxy.jpg"
      4⤵
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-w9xq9r.rt7ji.jpg" "
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-w9xq9r.rt7ji.jpg"
      4⤵
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-d98z9v.lw6hp.jpg" "
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-d98z9v.lw6hp.jpg"
      4⤵
      PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1b5iuw5.smr5.jpg" "
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1b5iuw5.smr5.jpg"
      4⤵
      PID:1420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wx79x9.mrk6.jpg" "
    3⤵
    PID:3040
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wx79x9.mrk6.jpg"
      4⤵
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1q6eov8.00c5.jpg" "
    3⤵
    PID:400
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1q6eov8.00c5.jpg"
      4⤵
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ehmx4d.dzio.jpg" "
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ehmx4d.dzio.jpg"
      4⤵
      PID:3756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1mhl5rw.31wdg.jpg" "
    3⤵
    PID:2680
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1mhl5rw.31wdg.jpg"
      4⤵
      PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5jc1yj.27knj.jpg" "
    3⤵
    PID:5036
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5jc1yj.27knj.jpg"
      4⤵
      PID:2228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15rvgz4.dy04.jpg" "
    3⤵
    PID:2548
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15rvgz4.dy04.jpg"
      4⤵
      PID:2512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-pnz16k.plbi.jpg" "
    3⤵
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-pnz16k.plbi.jpg"
      4⤵
      PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-byzsu9.w0nva.jpg" "
    3⤵
    PID:3420
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-byzsu9.w0nva.jpg"
      4⤵
      PID:2680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-qfmqfm.ra05.jpg" "
    3⤵
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-qfmqfm.ra05.jpg"
      4⤵
      PID:5036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-635ltw.4ju4a.jpg" "
    3⤵
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-635ltw.4ju4a.jpg"
      4⤵
      PID:4488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1l3603z.2xy3.jpg" "
    3⤵
    PID:3872
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1l3603z.2xy3.jpg"
      4⤵
      PID:4176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-10kujlk.7cc1.jpg" "
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-10kujlk.7cc1.jpg"
      4⤵
      PID:948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-vjagsg.ir07h.jpg" "
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-vjagsg.ir07h.jpg"
      4⤵
      PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1d13mo6.kgq8.jpg" "
    3⤵
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1d13mo6.kgq8.jpg"
      4⤵
      PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-11pdqj2.y6p.jpg" "
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-11pdqj2.y6p.jpg"
      4⤵
      PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ko0agr.cubsm.jpg" "
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ko0agr.cubsm.jpg"
      4⤵
      PID:3752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-aarbmi.nagct.jpg" "
    3⤵
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-aarbmi.nagct.jpg"
      4⤵
      PID:4776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bca999.vs6a.jpg" "
    3⤵
    PID:392
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bca999.vs6a.jpg"
      4⤵
      PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1a8hjyv.rwnc.jpg" "
    3⤵
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1a8hjyv.rwnc.jpg"
      4⤵
      PID:3212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-lwmcn6.3z1ep.jpg" "
    3⤵
    PID:4684
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-lwmcn6.3z1ep.jpg"
      4⤵
      PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-atvq8v.p990a.jpg" "
    3⤵
    PID:2956
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-atvq8v.p990a.jpg"
      4⤵
      PID:3268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-b7j81w.88szg.jpg" "
    3⤵
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-b7j81w.88szg.jpg"
      4⤵
      PID:4672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ssx49a.r1ycg.jpg" "
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ssx49a.r1ycg.jpg"
      4⤵
      PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-thpheg.9kfuo.jpg" "
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-thpheg.9kfuo.jpg"
      4⤵
      PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-fm7o1k.3md1.jpg" "
    3⤵
    PID:3056
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-fm7o1k.3md1.jpg"
      4⤵
      PID:4176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-dbjs91.09na4.jpg" "
    3⤵
    PID:1624
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-dbjs91.09na4.jpg"
      4⤵
      PID:948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-nd7uet.y54kn.jpg" "
    3⤵
    PID:2228
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-nd7uet.y54kn.jpg"
      4⤵
      PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-68ge0p.0zslx.jpg" "
    3⤵
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-68ge0p.0zslx.jpg"
      4⤵
      PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1592hta.ryft.jpg" "
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1592hta.ryft.jpg"
      4⤵
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-2tcavm.vum8u.jpg" "
    3⤵
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-2tcavm.vum8u.jpg"
      4⤵
      PID:2224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1f7rxal.7ynh.jpg" "
    3⤵
    PID:4172
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1f7rxal.7ynh.jpg"
      4⤵
      PID:228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1kp6fwe.tqwq.jpg" "
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1kp6fwe.tqwq.jpg"
      4⤵
      PID:2044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1jrim49.fcqu.jpg" "
    3⤵
    PID:1084
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1jrim49.fcqu.jpg"
      4⤵
      PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1qdv1s9.x348.jpg" "
    3⤵
    PID:4936
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1qdv1s9.x348.jpg"
      4⤵
      PID:4776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17p4bcb.n06v.jpg" "
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17p4bcb.n06v.jpg"
      4⤵
      PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1narntd.7ypc.jpg" "
    3⤵
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1narntd.7ypc.jpg"
      4⤵
      PID:1084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1xqc45w.gjzhk.jpg" "
    3⤵
    PID:4672
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1xqc45w.gjzhk.jpg"
      4⤵
      PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tn98wy.7iph.jpg" "
    3⤵
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tn98wy.7iph.jpg"
      4⤵
      PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1g1466x.izbe.jpg" "
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1g1466x.izbe.jpg"
      4⤵
      PID:208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-vxf5u1.0126d.jpg" "
    3⤵
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-vxf5u1.0126d.jpg"
      4⤵
      PID:1112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-38ra13.b69ee.jpg" "
    3⤵
    PID:4380
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-38ra13.b69ee.jpg"
      4⤵
      PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1uvrqqc.d3b3.jpg" "
    3⤵
    PID:3972
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1uvrqqc.d3b3.jpg"
      4⤵
      PID:3212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1f1sd5n.i8oe.jpg" "
    3⤵
    PID:1656
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1f1sd5n.i8oe.jpg"
      4⤵
      PID:4520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fcvlds.tde8.jpg" "
    3⤵
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fcvlds.tde8.jpg"
      4⤵
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-j0ec2d.r6tu.jpg" "
    3⤵
    PID:1968
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-j0ec2d.r6tu.jpg"
      4⤵
      PID:1740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-s4idki.ibhme.jpg" "
    3⤵
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-s4idki.ibhme.jpg"
      4⤵
      PID:3568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-glwp7f.0sz4r.jpg" "
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-glwp7f.0sz4r.jpg"
      4⤵
      PID:1020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fcubdv.kg9y.jpg" "
    3⤵
    PID:2908
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fcubdv.kg9y.jpg"
      4⤵
      PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17h2af1.rtozf.jpg" "
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17h2af1.rtozf.jpg"
      4⤵
      PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5hb04t.y8jig.jpg" "
    3⤵
    PID:4464
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-5hb04t.y8jig.jpg"
      4⤵
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1epen.kvkylx.jpg" "
    3⤵
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1epen.kvkylx.jpg"
      4⤵
      PID:4944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-zc9xay.grsne.jpg" "
    3⤵
    PID:4792
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-zc9xay.grsne.jpg"
      4⤵
      PID:2844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-am5cxf.g2f7w.jpg" "
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-am5cxf.g2f7w.jpg"
      4⤵
      PID:4184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-y4hbp.xo5z2.jpg" "
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-y4hbp.xo5z2.jpg"
      4⤵
      PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-i04clo.kv2zh.jpg" "
    3⤵
    PID:4672
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-i04clo.kv2zh.jpg"
      4⤵
      PID:3716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1vj5rvm.ucky.jpg" "
    3⤵
    PID:948
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1vj5rvm.ucky.jpg"
      4⤵
      PID:3704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1bx2394.41tp.jpg" "
    3⤵
    PID:3692
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1bx2394.41tp.jpg"
      4⤵
      PID:4532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-iytjmi.f9bok.jpg" "
    3⤵
    PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-iytjmi.f9bok.jpg"
      4⤵
      PID:1724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ceyt1l.omzhc.jpg" "
    3⤵
    PID:2720
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ceyt1l.omzhc.jpg"
      4⤵
      PID:1144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-q5xisu.bamdl.jpg" "
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-q5xisu.bamdl.jpg"
      4⤵
      PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-z8x4t7.w61k.jpg" "
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-z8x4t7.w61k.jpg"
      4⤵
      PID:2492
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-r96e45.3und.jpg" "
    3⤵
    PID:3704
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-r96e45.3und.jpg"
      4⤵
      PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-fks6kr.6oovu.jpg" "
    3⤵
    PID:4532
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-fks6kr.6oovu.jpg"
      4⤵
      PID:4360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wnect7.x506.jpg" "
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wnect7.x506.jpg"
      4⤵
      PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-3uo8li.codli.jpg" "
    3⤵
    PID:4264
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-3uo8li.codli.jpg"
      4⤵
      PID:1744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wd9r16.v6wm.jpg" "
    3⤵
    PID:4316
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wd9r16.v6wm.jpg"
      4⤵
      PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-7wdsz6.1bjsp.jpg" "
    3⤵
    PID:4456
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:228
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-7wdsz6.1bjsp.jpg"
      4⤵
      PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-4g3txa.s6j7.jpg" "
    3⤵
    PID:1920
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-4g3txa.s6j7.jpg"
      4⤵
      PID:3908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-by6yxb.v17wa.jpg" "
    3⤵
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-by6yxb.v17wa.jpg"
      4⤵
      PID:1380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1elodgb.kqa3.jpg" "
    3⤵
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1elodgb.kqa3.jpg"
      4⤵
      PID:2680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-yahm1a.osi7.jpg" "
    3⤵
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-yahm1a.osi7.jpg"
      4⤵
      PID:3988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1e25qt0.9kog.jpg" "
    3⤵
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1e25qt0.9kog.jpg"
      4⤵
      PID:2268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-wehp4n.gg4z.jpg" "
    3⤵
    PID:208
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-wehp4n.gg4z.jpg"
      4⤵
      PID:2552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-gofta2.dmzo.jpg" "
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-gofta2.dmzo.jpg"
      4⤵
      PID:2340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1helpn6.9eh3.jpg" "
    3⤵
    PID:636
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1helpn6.9eh3.jpg"
      4⤵
      PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-x7ov88.nbqoa.jpg" "
    3⤵
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-x7ov88.nbqoa.jpg"
      4⤵
      PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hs4gly.h67d.jpg" "
    3⤵
    PID:3568
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hs4gly.h67d.jpg"
      4⤵
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1a8sn94.9zzp.jpg" "
    3⤵
    PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1a8sn94.9zzp.jpg"
      4⤵
      PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1w8c4rq.6k2x.jpg" "
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1w8c4rq.6k2x.jpg"
      4⤵
      PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1dw4m9u.5eqm.jpg" "
    3⤵
    PID:2232
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1dw4m9u.5eqm.jpg"
      4⤵
      PID:3168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17rqens.y6fu.jpg" "
    3⤵
    PID:1872
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:948
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17rqens.y6fu.jpg"
      4⤵
      PID:2340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-n81lvg.9o4.jpg" "
    3⤵
    PID:2464
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-n81lvg.9o4.jpg"
      4⤵
      PID:1640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ev8qgj.asnc.jpg" "
    3⤵
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ev8qgj.asnc.jpg"
      4⤵
      PID:4532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-i2ykb0.lq76k.jpg" "
    3⤵
    PID:400
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-i2ykb0.lq76k.jpg"
      4⤵
      PID:4960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1scmtd0.5glek.jpg" "
    3⤵
    PID:4660
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1scmtd0.5glek.jpg"
      4⤵
      PID:1448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17v7bsi.qn9w.jpg" "
    3⤵
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17v7bsi.qn9w.jpg"
      4⤵
      PID:1144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16ya0nb.fztx.jpg" "
    3⤵
    PID:3512
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:208
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16ya0nb.fztx.jpg"
      4⤵
      PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1i8kqne.a9zif.jpg" "
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1i8kqne.a9zif.jpg"
      4⤵
      PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ojlsh9.7wllm.jpg" "
    3⤵
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ojlsh9.7wllm.jpg"
      4⤵
      PID:4360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1lwhhg8.99fl.jpg" "
    3⤵
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1lwhhg8.99fl.jpg"
      4⤵
      PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-p0c8ti.xthp9.jpg" "
    3⤵
    PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-p0c8ti.xthp9.jpg"
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16qp7vm.1xjg.jpg" "
    3⤵
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16qp7vm.1xjg.jpg"
      4⤵
      PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-2va6qd.zp0cq.jpg" "
    3⤵
    PID:2212
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-2va6qd.zp0cq.jpg"
      4⤵
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ha6hct.63p0c.jpg" "
    3⤵
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ha6hct.63p0c.jpg"
      4⤵
      PID:2016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14zorps.9q30j.jpg" "
    3⤵
    PID:1652
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:636
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14zorps.9q30j.jpg"
      4⤵
      PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14ti45a.ta2.jpg" "
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14ti45a.ta2.jpg"
      4⤵
      PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1l4q5qz.jq1ri.jpg" "
    3⤵
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1l4q5qz.jq1ri.jpg"
      4⤵
      PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1kh6ea0.vkng.jpg" "
    3⤵
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1kh6ea0.vkng.jpg"
      4⤵
      PID:3820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-takqkw.179o.jpg" "
    3⤵
    PID:4028
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-takqkw.179o.jpg"
      4⤵
      PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1gxjm7u.pkd0j.jpg" "
    3⤵
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1gxjm7u.pkd0j.jpg"
      4⤵
      PID:4912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-drsssu.wn1w.jpg" "
    3⤵
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-drsssu.wn1w.jpg"
      4⤵
      PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rmgrf9.bph6.jpg" "
    3⤵
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rmgrf9.bph6.jpg"
      4⤵
      PID:2672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-6k2j5z.m57u4.jpg" "
    3⤵
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-6k2j5z.m57u4.jpg"
      4⤵
      PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-z9ap7g.zo3qm.jpg" "
    3⤵
    PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-z9ap7g.zo3qm.jpg"
      4⤵
      PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17z6ige.mdjdh.jpg" "
    3⤵
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17z6ige.mdjdh.jpg"
      4⤵
      PID:1144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bs9cwn.5szf.jpg" "
    3⤵
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bs9cwn.5szf.jpg"
      4⤵
      PID:1804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ddua6k.ycap.jpg" "
    3⤵
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ddua6k.ycap.jpg"
      4⤵
      PID:4996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ubg9fk.al3r.jpg" "
    3⤵
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ubg9fk.al3r.jpg"
      4⤵
      PID:4948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-h0r44n.0gccp.jpg" "
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-h0r44n.0gccp.jpg"
      4⤵
      PID:4360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1otvxg3.t8lzg.jpg" "
    3⤵
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1otvxg3.t8lzg.jpg"
      4⤵
      PID:4960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1e79ehy.2tnc.jpg" "
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1e79ehy.2tnc.jpg"
      4⤵
      PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fhzt7x.kpn7j.jpg" "
    3⤵
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1fhzt7x.kpn7j.jpg"
      4⤵
      PID:2844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1h9jxwm.3pn2k.jpg" "
    3⤵
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1h9jxwm.3pn2k.jpg"
      4⤵
      PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wsu7l0.63zlk.jpg" "
    3⤵
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wsu7l0.63zlk.jpg"
      4⤵
      PID:2552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ee4gzc.mp1ub.jpg" "
    3⤵
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ee4gzc.mp1ub.jpg"
      4⤵
      PID:4912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1gwkd12.12u5l.jpg" "
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1gwkd12.12u5l.jpg"
      4⤵
      PID:2224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1asqhg.pdrev.jpg" "
    3⤵
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1asqhg.pdrev.jpg"
      4⤵
      PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-pdqery.ap8b.jpg" "
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-pdqery.ap8b.jpg"
      4⤵
      PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9v1pf4.irthh.jpg" "
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9v1pf4.irthh.jpg"
      4⤵
      PID:1924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-tq12kb.v5v7.jpg" "
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-tq12kb.v5v7.jpg"
      4⤵
      PID:2044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-11xmxs1.9vu6j.jpg" "
    3⤵
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-11xmxs1.9vu6j.jpg"
      4⤵
      PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-nnej5a.5rna.jpg" "
    3⤵
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-nnej5a.5rna.jpg"
      4⤵
      PID:1816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-mkgqai.qcy3.jpg" "
    3⤵
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-mkgqai.qcy3.jpg"
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-j40m82.35s3.jpg" "
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-j40m82.35s3.jpg"
      4⤵
      PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1l3s4h.02433.jpg" "
    3⤵
    PID:400
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1l3s4h.02433.jpg"
      4⤵
      PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-muqnmv.387fh.jpg" "
    3⤵
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-muqnmv.387fh.jpg"
      4⤵
      PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1y55f87.au5m.jpg" "
    3⤵
    PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1y55f87.au5m.jpg"
      4⤵
      PID:4520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9ztlex.l7skh.jpg" "
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9ztlex.l7skh.jpg"
      4⤵
      PID:1724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ivs53u.2rkg.jpg" "
    3⤵
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ivs53u.2rkg.jpg"
      4⤵
      PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1qjodfn.t7tti.jpg" "
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1qjodfn.t7tti.jpg"
      4⤵
      PID:4848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1eaxq9.u7ajq.jpg" "
    3⤵
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1eaxq9.u7ajq.jpg"
      4⤵
      PID:2364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tzwe1g.hpni.jpg" "
    3⤵
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tzwe1g.hpni.jpg"
      4⤵
      PID:3544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-110a0v0.e454.jpg" "
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-110a0v0.e454.jpg"
      4⤵
      PID:4356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-8d0kxa.7a2rw.jpg" "
    3⤵
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-8d0kxa.7a2rw.jpg"
      4⤵
      PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rm3cal.1wbj.jpg" "
    3⤵
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rm3cal.1wbj.jpg"
      4⤵
      PID:2692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tg7pcy.1it1.jpg" "
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1tg7pcy.1it1.jpg"
      4⤵
      PID:680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-fmhy0e.xn48q.jpg" "
    3⤵
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-fmhy0e.xn48q.jpg"
      4⤵
      PID:2072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9yzkc6.3vigq.jpg" "
    3⤵
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9yzkc6.3vigq.jpg"
      4⤵
      PID:1804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-hvwkli.c78l9.jpg" "
    3⤵
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-hvwkli.c78l9.jpg"
      4⤵
      PID:4492
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hkp45i.4pg8.jpg" "
    3⤵
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1hkp45i.4pg8.jpg"
      4⤵
      PID:4848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1dhntk7.hmqu.jpg" "
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1dhntk7.hmqu.jpg"
      4⤵
      PID:2332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1g5y3z3.ks9o.jpg" "
    3⤵
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1g5y3z3.ks9o.jpg"
      4⤵
      PID:4368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-j341au.6ahf.jpg" "
    3⤵
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-j341au.6ahf.jpg"
      4⤵
      PID:5004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1m6s4lv.zof1h.jpg" "
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1m6s4lv.zof1h.jpg"
      4⤵
      PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1my85mr.2jh.jpg" "
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1my85mr.2jh.jpg"
      4⤵
      PID:4296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1k86ra7.sfmy.jpg" "
    3⤵
    PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1k86ra7.sfmy.jpg"
      4⤵
      PID:4848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-8fnx1e.f1av9.jpg" "
    3⤵
    PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-8fnx1e.f1av9.jpg"
      4⤵
      PID:1112
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2600 --field-trial-handle=1944,i,6864516122251220555,3360431642638594644,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15f635w.2vx2.jpg" "
    3⤵
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15f635w.2vx2.jpg"
      4⤵
      PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-86ewq5.oa8fi.jpg" "
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-86ewq5.oa8fi.jpg"
      4⤵
      PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1icvd4v.ta6mj.jpg" "
    3⤵
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1icvd4v.ta6mj.jpg"
      4⤵
      PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-12ar7kh.7amxi.jpg" "
    3⤵
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-12ar7kh.7amxi.jpg"
      4⤵
      PID:4292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15f5ry2.bes8g.jpg" "
    3⤵
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-15f5ry2.bes8g.jpg"
      4⤵
      PID:2692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16e22vk.28de.jpg" "
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-16e22vk.28de.jpg"
      4⤵
      PID:3224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wsnv91.zdwz.jpg" "
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1wsnv91.zdwz.jpg"
      4⤵
      PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-3tfqh2.xlg33.jpg" "
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-3tfqh2.xlg33.jpg"
      4⤵
      PID:208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-vqv6z5.pf69q.jpg" "
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-vqv6z5.pf69q.jpg"
      4⤵
      PID:1380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bdrj5a.cw9vg.jpg" "
    3⤵
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bdrj5a.cw9vg.jpg"
      4⤵
      PID:1716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1f3polj.imxh.jpg" "
    3⤵
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1f3polj.imxh.jpg"
      4⤵
      PID:1652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-zqswmc.ymbl.jpg" "
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-zqswmc.ymbl.jpg"
      4⤵
      PID:1132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1kyhwz.00r1w.jpg" "
    3⤵
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1kyhwz.00r1w.jpg"
      4⤵
      PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-199uc1i.xs7yl.jpg" "
    3⤵
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-199uc1i.xs7yl.jpg"
      4⤵
      PID:1436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ytjet0.aipy.jpg" "
    3⤵
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ytjet0.aipy.jpg"
      4⤵
      PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-f2bmj9.qfh7m.jpg" "
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-f2bmj9.qfh7m.jpg"
      4⤵
      PID:1816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14ib6pe.2c3l.jpg" "
    3⤵
    PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14ib6pe.2c3l.jpg"
      4⤵
      PID:680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9613pq.hxyrf.jpg" "
    3⤵
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-9613pq.hxyrf.jpg"
      4⤵
      PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ntvowf.o1hn.jpg" "
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1ntvowf.o1hn.jpg"
      4⤵
      PID:1300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17dfaom.yd0a.jpg" "
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-17dfaom.yd0a.jpg"
      4⤵
      PID:460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ni42m7.jcynl.jpg" "
    3⤵
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-ni42m7.jcynl.jpg"
      4⤵
      PID:4356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14gqh0z.ehlr.jpg" "
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-14gqh0z.ehlr.jpg"
      4⤵
      PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-19q3l1r.a3ne.jpg" "
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-19q3l1r.a3ne.jpg"
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1cmf29g.kb71.jpg" "
    3⤵
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1cmf29g.kb71.jpg"
      4⤵
      PID:4240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-uvoya.rgfwu.jpg" "
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-uvoya.rgfwu.jpg"
      4⤵
      PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-h16n1f.klz3s.jpg" "
    3⤵
    PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-h16n1f.klz3s.jpg"
      4⤵
      PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1pobp35.gxgu.jpg" "
    3⤵
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1pobp35.gxgu.jpg"
      4⤵
      PID:4532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-krz6ms.l2cki.jpg" "
    3⤵
    PID:336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-krz6ms.l2cki.jpg"
      4⤵
      PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1n6ar9g.um2.jpg" "
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1n6ar9g.um2.jpg"
      4⤵
      PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1s5ty42.7jnx.jpg" "
    3⤵
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-1s5ty42.7jnx.jpg"
      4⤵
      PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-t1g36p.thjn.jpg" "
    3⤵
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-t1g36p.thjn.jpg"
      4⤵
      PID:2720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-73jhvo.rmwfw.jpg" "
    3⤵
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-73jhvo.rmwfw.jpg"
      4⤵
      PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-jx2ctx.19a3s.jpg" "
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-jx2ctx.19a3s.jpg"
      4⤵
      PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bkaz2t.gzlge.jpg" "
    3⤵
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-bkaz2t.gzlge.jpg"
      4⤵
      PID:1656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-wiln3r.o5rze.jpg" "
    3⤵
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-wiln3r.o5rze.jpg"
      4⤵
      PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-12ugqea.8ais.jpg" "
    3⤵
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-12ugqea.8ais.jpg"
      4⤵
      PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-q1vsy2.ntmtn.jpg" "
    3⤵
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-q1vsy2.ntmtn.jpg"
      4⤵
      PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-yx24bd.h18we.jpg" "
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-yx24bd.h18we.jpg"
      4⤵
      PID:228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-1772-3wjjod.cdief.jpg" "
    3⤵
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-1772-3wjjod.cdief.jpg"
      4⤵
      PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

Filesize
862B

MD5
f3ac7a0e31b9af1b495241eff29915ad

SHA1
286fe23eba741cd3fca3f3e9a919021946655392

SHA256
f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a

SHA512
b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-1772-132sggk.xcsa.jpg

Filesize
84KB

MD5
ea30657c2c5ed40e89f63c98d3e9c19d

SHA1
d60dfd3778423bef71978b0b3207cf6789de425a

SHA256
d7af4517e83693628e66c5b3363c5e3fc1979cb89e02f2bf3a688d9a86f139c8

SHA512
649a0db680d3f799cb68c0b399bab5ab01a8552b4a7c44669b3bcc6911a478945bec3bbd23512df19c202040f49d8ec2de61550d8317c23c78b5d8b26b968ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-1772-1rzg54d.8366f.jpg

Filesize
3KB

MD5
54531825b1126e542bad92da49eb1f4a

SHA1
0bb526ba50817dc79dad8550e084667fac5c0336

SHA256
200699cc48d611612972f5ba183e2d0029dc60bf5927bd5dea9b43cc1adb370c

SHA512
a17bff50e3fa58546f191eafee957dee252d1c40d62203374144658fdbbac184d54f5491ed12e49b85eae06d2e755f5d4de04d93fda17d5e1c2352680aa7c9e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-1772-rurdxt.d8c5.jpg

Filesize
47KB

MD5
844fc45eb06b2ae542334aad902a44c1

SHA1
1e5ff98b8fee859bb5d70db1a5733cd0fce634f3

SHA256
877a04cb035c887283d1cb7d973fef7b8526a4675ae202441faf414dfe830165

SHA512
cab72e74facd340f75aea71cb1a9d5d00bff6553c7274f37de46c7e588040c4638cdac8043608139dfbc0a6664106b08a8a5cd32775789149c6c264f3dd82dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\24a17a5b-9116-48b2-a502-6447c4ae9bc3.tmp.node

Filesize
112KB

MD5
78e3972d436d78e815dbf1903be3028c

SHA1
c41bed80d89053f7ea06420bcfa3c52956d87b98

SHA256
4d9477d1d5af59c22021f2d3a5f0463aa52273c68980329537ca40e3898cc055

SHA512
d5d122a307efd60beaa85125cb7391484599c3bb2b204ff1fea57eb00907458c976da7633f0438e7182a16afaa9e595e3b8745efa2e19519338807aa4b1d375c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\D3DCompiler_47.dll

Filesize
609KB

MD5
7b01148e76a9e89b140315ca28334c85

SHA1
1728713848d2840e261fdf37a57278c1b77c4724

SHA256
652fb4d2396fd89a5dafb239fbcc1885c0a04dfd6c922a84fe47372c595d2184

SHA512
c95244133f652d96bd396bea47e7384873845a4a8049207f4b5f11eea5a45e9c4a49880c2a46ee1044fb1b27bce34e3bcef9622d810f73b0eb3461b9581e7e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
49KB

MD5
fe5b80eec7796ef0dd02d2c87d12f2d7

SHA1
195d2f54ce620e3f2fa42812acd501c471e32cd8

SHA256
66ece88a431e3443d3c0ce295a9e1dd86634ba3cd334b116f280d73546439ea7

SHA512
a609aa699e24dfc647376cbd23899d215441fecda895344bb9814e9ca1f5057c89cdc07081de0e7558cccdc1e2f11d5cdf069d659fe8da0fcbe924e5ee734301

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
304KB

MD5
df593eb6fd055ca64bb7b025c87b05db

SHA1
71257d989e43af94129969643f523beff4bc5f13

SHA256
ab9c4e6348aac9a9e2d01b4b7f31187525dd3f8b41bcad19ba70173efe67ac1d

SHA512
95ed0adc0e58babd13f8dbcca70f452cd4114d1007297eddf3dee61d2948f87d6ee94e7a9146a5bfdb89b4aa1c8656b38f3ff106bfcaaf587cb0dbc69360cfd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
121KB

MD5
9ffa82eb17c15595d07f6cdc8c4f933d

SHA1
84c0927ba89686550f455e30fc8e95f8618359fe

SHA256
1efbbcb702ef3820a561bd2885e9aac404490591241e53eaeaffab7bb3f9b695

SHA512
23f58ffeb3a375c85b7f5c5ba4d3f4b92e65f120cc88285c73045f88c512ab401cbd9882efb44e0583a5e578667d7be07a92cc76bded46e7873f67d91ed87a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
137KB

MD5
a729b1fd38bab9b83dbb8f6b8dc63951

SHA1
8ee8ecbada24e5a4942930c8675668b48d805117

SHA256
302b9d88e1ac72097e322bd4b4f8c1c2c6469d2a8147e2b05f8ae314b7fc7eae

SHA512
b102640daa9eb8479fa726691d5c9fdb0312c9e54f7d9378a00a0cf273d80d9416c9776f06b7932dd94b3eab38ce878311da0166418680cc1ab7480a3831c04a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
635KB

MD5
35c988825c34f891e18014f97232a7f9

SHA1
8b24600fce8a5597c910ca9ef907b21f08a1f5fb

SHA256
24e115fc520ee7ab22f022a30917a06207a24d65f6fd579930af2b591a9a260f

SHA512
e3761d4ab774403703a429bedee8cbdcd3e4757d5e9f2ef7cba6a3727727d99d510afdaffb7ec670e1159a59b0d4a5d46ed8a4c434de76589e13255c175adbc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\d3dcompiler_47.dll

Filesize
567KB

MD5
c98935c78dfee5d8c895a2bd89ad6ddf

SHA1
78ba9401e691f9dc1ad8dd4a3f7847a0f75a3614

SHA256
d3ce5c91c69e1fafee89fabaf184bf05f5237dcb333e244a7b8fd745408e7d2d

SHA512
e3b6764d9a0538435dc0af8587b79acbe6ff024ba5f39e00b4cee3219be3cdfb505a82abb7a97b7ac1bf1df3588793d3c8080f9274c950ce45a76523335ab755

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
33KB

MD5
9cf20e22e345412d93003d3b030de9a3

SHA1
f48328f2420c32dc21b58fa006494648d9357cee

SHA256
e6a800662612201cc06c12b8a60dac4ce536299228ce52ef77d981f773aff4ef

SHA512
f59b51c4acd3f8a37d167a4a3339fd40b0bd92c31a4d30db021dbb3f99ff8ff13f97799ae927395937edd29ea01d98ebe2b2e6cc026db3f2f33663047e326f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
5KB

MD5
d431391b4243b2097a2aec79e12e4394

SHA1
5c405e38b50ca705623deef3465d9f06d864b85c

SHA256
c52ee4932264b69028433821eedb8631e95bcf40f80564a7a328baddfff30cf7

SHA512
535bc54889225ce6d4bd2533105a6534a25638a7d308e6ca6cdd5d71b8280cad78e682e76b0f75b22868da18afe6494dbf7f822d9da18faf2eed80f01c0e5014

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
187KB

MD5
af46e11eb187cb8b3f50b336795575ce

SHA1
0c6deb85fbcf5d1c919f3f4972e284541fe98840

SHA256
4547c7da61ffea2d30b14c80fcc979c3aa8b2d78cc4d2ca3d8907d97600de5aa

SHA512
8070776312ee214e154e8e2d26915aec9ee556b5c1d8d6a22032942f690ec7e6d44be3a89503dfac7674961134c13cc24f044505edb941bf63a4ded370c21e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
206KB

MD5
f252e78e6b6608cbd1eeaca9c93621c2

SHA1
68a305237d9db04e4e4c7a5560ceee52d70fa785

SHA256
ee98d3c4e89a5ee2c61245ee484f244a8f3b9481122df99b12537e764d3cc9d6

SHA512
8a7f20dec38eef31afdd73ebd66175741fa0a52dbb9b5271d992f926f7ef9d7526c57a367d52d81ec60e64bb1570c5580c5cc9b9c77000f08b88de0eb2c63042

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
104KB

MD5
9ed24d93496457fc14e8201ba7ce2473

SHA1
7c79713559f6246ff8c681b09da179307f478c69

SHA256
f465cfe0f7830108b0c86019a2344fd6c3cc534f3f0ce8d4e0cf50ed748f1ac6

SHA512
ff472b1531a8590de6b8d6d446f6ea32bd5e4c6feb00105f854383959f9e9e5da6476ab869c640f850361b6afed32e12107b48bf82c3eda5b199d53285e85a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\icudtl.dat

Filesize
3.0MB

MD5
3368fa86827a00534ff4b55981d39ebb

SHA1
e2e62e5373d8ec30564fa5b46aca82ecadbe3cd0

SHA256
01bf5c13ee400ca56c26203b8434dc027b542a5c642e3fef9242eb44d65c3278

SHA512
514918555240156b2b59c9fa04ca3706a9fe9461edff63407f2a388452f1a8236304a306dc236a1955d3a45739c7e223a09cd9c072dcb3e3b785e635acb8d2b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\icudtl.dat

Filesize
52KB

MD5
bbd4388c317629fc28a6cb9d31d019d4

SHA1
4cb1457b08661dba6e7958a9a9a908e4ed623076

SHA256
ad66532af64b1998d62488c80e5f247c7bea9f9a3dce869102a56eae7b691667

SHA512
66585daffbb304f3d0ce4f902ece774e921d9398ed0c721ee6b4af6053914871e2c42bbcbe56d406f52ee5866452ca1641eac71d6c0855b1303f4c48b536f845

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\libGLESv2.dll

Filesize
746KB

MD5
7907cfc735dc2eb02f951aac018a8a05

SHA1
12351e2db1894450563768265cbb0175c6debf4d

SHA256
d8e67e11ac957dc36222e0f15aff899ec7bdbd97785478c79ef6e50f4c8fef59

SHA512
9ad33db41f194cd09d8fbda32e8156171524c3ae1720a3b7c951478bc271730dc16da334a3a6257476670c343de91a3da9e980796b65ed3312bc50ed5ade6b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\libglesv2.dll

Filesize
803KB

MD5
3ae4d5155fcffd4a9d2085b66de42a7d

SHA1
a70facbb82dc8403fa2d8506912f6191d462e6a5

SHA256
aad13bfa09051eab9f374d14b53ba6593d3fd2766c2b80cd497ff43c98099b85

SHA512
2f7693ed8087116900114e8734b356ff503f4051fc7b357af7ed59cd9cf4a011d88506205f5b84070b369abef9e2cdf20952a846258e4fa2b8066f8bdf0758b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\locales\da.pak

Filesize
250KB

MD5
0971835fe7eb7ee1851e6d7ab9478550

SHA1
6dc9c5c10a0a512cbc0de60404f4e86409c030a6

SHA256
81840ad322533f8fbf70b7e70ca4f5d8bbfa59746b6f67c3a77c86db0d6429f4

SHA512
408b4da6e457d3d84d386615b68fa23af633cf80ccab9869efa04a64930ca3ff2889090c62eef3ced76fc0a2045306d6a510ead79fa7e4cef6c73eb97c664856

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\resources.pak

Filesize
279KB

MD5
fefc037ef7875a7561465a323071df70

SHA1
e9ffe7621188d7cf75665193f5da5ca40a4a146b

SHA256
4331990155a6db029edb3bd2581d4b6d84c3cf8c22eee231a429da88b9a39c8c

SHA512
5abc5b7ef7751bc257c02bcf3f3e40f16ca41818decf3e95bcf5f7e15d6c5d63b85ca972c33741e869fb2036b18cd55233b49f2e685541426334d004f710d84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\resources\app.asar

Filesize
9KB

MD5
a69a59274527f112dc92314e9de4422e

SHA1
48fcc0081c8d4434ab5cefb65cdd3a813178be11

SHA256
d6fbe1e39e4323d8a92d4901132d0b814b812ab3c5d32ced119e15c3141136e4

SHA512
df85e50482d9ea8f0107e881d4b99f519a9edc11a8c6ef895aba1e59e32aed08708677ff30db6dec5c4f6eb276c7965d4a1e6500f2a8e118067be036cd601285

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\v8_context_snapshot.bin

Filesize
19KB

MD5
ea45f3a6d6692c48af0cb1b07ee162f4

SHA1
7c305b59278fdee4c0daabceec5b4733d73c9d02

SHA256
dc6a4738eba5c5f8b6fe734179d92397a4061f792db1d3ad9dda459cf527c3a2

SHA512
27bfefbfc3170a16a0c99af9d1b3f72fbbdaba908cfcf19f3a29deb9e297aeeba78ce9ade5bc35107c04bf4b9bafa46d18b72089dfcbafd109b7fbbb20571c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\vk_swiftshader.dll

Filesize
703KB

MD5
cf765b9a9f44f785c84aeb8b01bbc350

SHA1
aa786835d2e2c6704e0dcc6242129efb37900a5a

SHA256
8a2a17a994809010894f7c8355ec59d7d9b9446ac8c9ad97c785253fee603245

SHA512
7b863fad0dbd2c8fff8e05ccc39161ef0cf59948fbb9e8708fee9398ee05bc5c840864d65379eeb9d6fbdfb3785756a5bc9f320654e01d90b828ecad36984efa

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\vk_swiftshader.dll

Filesize
233KB

MD5
017118c401d91b58d5bf6bf30eecbecd

SHA1
bad376eafe3a3a961546169e8d9eae4026f0d432

SHA256
45a7899951437ef40a794dfff2c48e6cc5fdce97b215089f9b1126b8dec6453e

SHA512
ee67b62a3ea860498f933dce6900aecd0ac283415079b387138b33699448f0aa3b16bf9eff34c52686723d78d5137ef4c2f4591f053cf72a1911ea476853ca51

Download Submit
C:\Users\Admin\AppData\Local\Temp\9375d720-0b89-4941-8b28-2c78c44e2ec3.tmp.node

Filesize
122KB

MD5
7208be374320a2c691ee7e15655afbc3

SHA1
f1a09eb40caecb3e97c0b67712681b1955625d6b

SHA256
733dd401ed791379a13e77f6b8dd3602615c47e83c4e3c0c84f25e2db8a0b7f1

SHA512
df659bfa39a39dabdca7fcc88f12bcaacd35f03d431fb655f63f45ee78ec7c4af3fe181a15db1c0829c13788186313004ad5f63a1d17dc809d9bc065681f6629

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7FCF.tmp

Filesize
1KB

MD5
e38174d1e01a5e1f68073e82c72a2b07

SHA1
452bca53d0bcf8c173356b2335fcf8b92bc7ae12

SHA256
3e5c72e44ac5d485cfd20a81ad83118d0eaa74cd4acd53882614be38f4759f47

SHA512
d50fb94aac31225426d94a6be1a760dfa51897b238815f0e801a96e6c0c9b9738ed7bf8a483871be5bbdf117c02e0877ecf5e812cce74ad347384b7510e46f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7FEE.tmp

Filesize
1KB

MD5
4900987083524b26b454aa298469c19e

SHA1
a20936e6588bc3acbeb58e79e56f8f8d1b993b6a

SHA256
cbb7fb0711d56d9a145a2106769f08445f4a6ca2f7059e5ced9bd0c5e2cd84cb

SHA512
1f387404e0b83dd7f403914caaed87f12ea1d1f3278a1bca68bc91ba9ffe22bd711bb3d59884d166b028f80906d79c1aff5696e845456eec122bc030728a1b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7FEF.tmp

Filesize
1KB

MD5
8e831b5e6c86e3b61e195a8f1bfd362a

SHA1
eb6b81086ab638d4d12b95b1c07749971bd94096

SHA256
bae4fee35ce19658eb8734315d7c9d1799b11c4cfd00098c7314213000a67e66

SHA512
ffb4a6918ae312fd74165aa69f8c7cdaa2b22d49190838cf035cf683bc5bd487ed2940573c38a5237e7d963f2f1746c728df94fdb8fa8605ab9ab402ea040c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7FFD.tmp

Filesize
1KB

MD5
d1862ae0d08fdb934dad977ed4162188

SHA1
a0f01fc65cd13fb434a2b7a3bb2244262c535156

SHA256
d20fca0d327e4c7fcfe97d2ae3a37623e7ea477fcb3e871f14801cfac897c64e

SHA512
d50a799772e3f3e9aeee8727acc60e2499d73bf7292d87293fa991e4ae76776dc4f575b24cd15fa43239d76f91449a26ecd38bc72991b60e1328d8efcdbb1df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Antivirus.txt

Filesize
231B

MD5
dec2be4f1ec3592cea668aa279e7cc9b

SHA1
327cf8ab0c895e10674e00ea7f437784bb11d718

SHA256
753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc

SHA512
81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

Filesize
249B

MD5
cf7e4a12f932a3fddddacc8b10e1f1b0

SHA1
db6f9bc2be5e0905086b7b7b07109ef8d67b24ee

SHA256
1b6d3f6ad849e115bf20175985bed9bcfc6ec206e288b97ac14c3a23b5d28a4b

SHA512
fab79f26c1841310cc61e2f8336ca05281a9252a34a3c240e500c8775840374edb0a42094c64aa38a29ca79e1cafa114d6f1bbe3009060d32f8c1df9f088c12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\LICENSES.chromium.html

Filesize
429KB

MD5
4075324cb6f373d38ceabe37088b3159

SHA1
47e12977241053777ccd66792a75abcd49262bd9

SHA256
95fc1e795b56d086b3818ad44ebd1c9391bfb22e78a5c66904607e05854d3e0c

SHA512
70ecda8a0a6c9e15c96424d0157d3ea6f8c5f56843cf6cbd3c1e1d6453bcdc69ec8fb359be2ea8ba072840afaef32997597c75abc8a467644b7a26a65b2bfbb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\Launcher.exe

Filesize
702KB

MD5
fc54ab941673fd7e768cdbe9be0d38ed

SHA1
f1f0d1e76636188ee782a2d0b213db195628d8af

SHA256
ed0b0e918d2a96825f4d7ac9e6ea1e9ef00d3130bb3a4415c1548e612945a93e

SHA512
ec3d52e3d8356edfc31e4868bd723a884445838374ae4804714015a31b7a12bb93618eda6b33c290a90f0468c9440fd1f616c8334cd67f8300c1511c3f5bc655

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.0MB

MD5
1210903bab2a83880ea1eb54fd7570bd

SHA1
5674ea2f61d40dc75f52fef61e4bd9be69ef6917

SHA256
800445f69426bdb75f8b563c496172841946670bab484e9dd813135585aecef7

SHA512
c3c0096f25836ec609c22464ab2cd9d508c604c6317f187385bfa7084520b529ff8d61606b2b2ba0d9e5ca974d0cfe6a01a4a117e1779fa9e94e6ecf8fce31be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
ba0f13758adb6aec4c6d87749af59467

SHA1
0b3c725fd344f38f3a62e17372219e3fd62a1020

SHA256
d25b0f4eabcd8b3dc0e0af492fb1c4870cbbd30f59cd5259e53fe010a2710af2

SHA512
ef0fd5da19e764cba8e7525f58f543b2a25e49ff84a40f9f09779e20c45fd9aa596cec18916cd4967873ef9c877d30a983c91b06a6cf2b77b16736365498ee50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\libEGL.dll

Filesize
467KB

MD5
7906d51818c053d8c99a8491936bc7c4

SHA1
2e7790d61a8aa639c6a02be0724715302171d14c

SHA256
66e424b122d13d4be5728215200d3b219fc4cecaa0e6128518d7f8e5600dd58b

SHA512
23de1a5718949b9c624e8a208aeb92596380ebdc2675c3286163e464f8f334baaf3bc5bec529a7022241884ed6b9c9061036106c972acd621f05385703b628a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\libGLESv2.dll

Filesize
665KB

MD5
4b332096ff7e72f8dc7fa104e27d10e6

SHA1
977a4c34399cae1188526d9defbdaa010ba57257

SHA256
b4479f517d6907fc11fa20e99616dd8b68a46bc4f87f98b93109d90fb061dab0

SHA512
7251bf625ce7bec63dc8f51c8821d4199a6aec78a6d3cadde902be62dd113a67e923b162bd01890de2eea6c72d663e733dcb0f94e576821a85f24e491ec61312

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\af.pak

Filesize
464KB

MD5
862a2262d0e36414abbae1d9df0c7335

SHA1
605438a96645b9771a6550a649cddbb216a3a5b1

SHA256
57670eae6d1871e648ad6148125ee82d08575bec5b323459fc14c3831570774a

SHA512
a789a4cad72106a5c64d27709b129c4ae6284076f147b7c3fcb808b557a3468b4efe3ede28033f981335d5eab986532c0497ddd6ed24b76189fe49366692ee73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\am.pak

Filesize
250KB

MD5
1288988ed52388554d5a5938a23037d1

SHA1
73cc027093ad07a63012b0f2c8c08df761bdb363

SHA256
2470c2b1402504a7a87e686096b5766e0a0be6f4ce365111eddb1a9d925eb70b

SHA512
3b71d6e48ff68a11ae541ff712916878182eec5423c81d2e0c8d898433778a161c7befcfc55a50487a9f4dcde0bc51fec3081ebdc0802fffda64f3031d148695

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ar.pak

Filesize
263KB

MD5
c721127e0189ea143f920d82e8f59bc0

SHA1
ae6440f76bdc7b3e23b62a23f4f542bdac0d652f

SHA256
5b3d7ec275c85d18f5320562071f2dbc5317e08d185810ac499633aaf067e950

SHA512
3d9d1365e162a9c47291ab78a3d2adc79eab9edc5eb3927a29fa2bb2b772c1bd985c5888311011acc199cc41abf0e647b88244fafc26ca8ea69b27cdd32edfcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\bg.pak

Filesize
175KB

MD5
e834a21ae65854ccba0a5b9e5471b285

SHA1
100d048878d247fb75a27305589f55bd010d80fe

SHA256
50d86d0e09900ee7cfa7ae52637558f1d1d8619c7332f0a4ffd153e1f156f960

SHA512
b0534ee36d8f0043ccf14edf4e608f1ae39f33e356c92465ce59d8dcd731bc5da37d6b5651c27ceb82ac8e08bdcc40a1e3851e552fa01dea42ea96523982ac22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\bn.pak

Filesize
240KB

MD5
97b1d4a28882f1d454d84c13684c1073

SHA1
e93e7e88a6295b125db73d0804746c912414568b

SHA256
3a0f9054596e9cef0c6718655d8a4971c9155f3030f2d7a4a3876149350fa416

SHA512
548afcd1cff6d921eb3abc81941a98dc476ab3abb4b822aeaa1bc01674f5879fa9ab73ae935b933529b1ab4d1b509b326e3b725527de1e5945e6e5fa528d110e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ca.pak

Filesize
213KB

MD5
0593afc91fdf77c82146450fbbbf256d

SHA1
8a89fa266047eefe874a823f59f2e94aa479fa48

SHA256
be69e57fd6a2677b475d4b5da7d92b1db6e92652bd54fb757b3df6b67b1808c4

SHA512
1a3f6360a18e4e7d9505b7ceba783f3719209457cf61d37c33ee0fcafab91869b42449bad36c53f367bff4ca7e89ead8965ef419e4ba3fc44539dc6ef4cc66fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\cs.pak

Filesize
256KB

MD5
8ae1c933c4e7137c2b4a8c21dbe76d32

SHA1
3a4884ca5a45c4740639bf1eafd263abc44cbe04

SHA256
6235a07db42e7a4dc874963f81d51187f63957130fc15004d18309303c743600

SHA512
5c57fd66e9415f013787865f775054ed2f183d1fbd72a8172221b2c71f28bcd6b1cab6128de9aea700fdc9f357e47f8c45163fee71a6d4f987611cd6ef72a6d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\de.pak

Filesize
207KB

MD5
ca4a62c7a626caebede7ef31ad64bab0

SHA1
1ced7c35008815c66f0b7910251ffd95764baea0

SHA256
d86fee21b8a1b96b15f8cb8cf037964ae25c719fb75956071cb02cf710982084

SHA512
d27920f28da82607387f77caa2cb8d657c76ba1cf83c0ffc08a5dbf400d13191a66a2c4f91ee93409b1b9d9cda077631f11cc3ed696d67eedb948f418fb443d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\el.pak

Filesize
154KB

MD5
207b7bb1a8b6caf1325778ec78deb160

SHA1
8f4f38d8f2e9fc9b157dc0513f592154eb86a012

SHA256
46fd93b0a05791a235e7637b1c1045193d069141cbb135e38dded866380de0d5

SHA512
6d9b04a44ad1e9b8bc2c041e120cddebde5c29f674562f73bf72ff45bca0c92c70c1af91043496b569bf1739014473a800620b7e1d3a3896181e17a3256b8b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\en-GB.pak

Filesize
156KB

MD5
44f4302c8734cc3f07a74ed4dc22587e

SHA1
a2430eae7c8d6d3dfd6962d83bc09d2ffecb26ca

SHA256
6e63722c7cfe05dc9fad50eea38fc961ac0e8f1290e277ca01f9b6082fc385ff

SHA512
7ddfadd2b09d2225e6bf028bd4a35788464c3bd69ce4dd1c07f10bacce30b7470e7faa7c18bdbff15d837aa51fce7daf3ddaa8acd5fc67e874153a8530819dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\en-US.pak

Filesize
255KB

MD5
6a3ddf48db2ebb32edbacebfe910305a

SHA1
d89dde16d2f162a4f64166028bdcdcf04dd18278

SHA256
e223d6b57fe9bb8c98d932a3275ce6f7e8f35e4bd69166817a1c5921cf08e890

SHA512
111d33cb83bdccc125133d0000732dce00bcabc23060af9a33df09eee1173900856837cd57264e05cc426f6ff848c539af01c4744820c5b8054c031de7e29fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\es-419.pak

Filesize
252KB

MD5
cc09c9e90293c1296d4a89dbb2e04d0a

SHA1
e163e0483ebf71af0ada5806e6773771c5c2ee70

SHA256
058a887eabeab0b6594836d88c0c1869ab8bfbc62b4fba14c1e14e958e613bf6

SHA512
b18dba09cad79d918854e2444726173da43e47f3447d4d6d368cf5e1661858f3d4c6fc5cfc65a0ddda827c1867a21c5969c4666d557344e7b722afe6237c6aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\es.pak

Filesize
353KB

MD5
962ba6e50e96684d6878737366dd8f79

SHA1
bbdab9314ded7c164fa08486127defb705d1ab29

SHA256
d669ae620d07455866dcda865694f344a3db72244be7662c1ed57597e5501116

SHA512
970b02c3d1181e3293eb417663bc8c172b9f3ae2ad270f6a5cb03bd3ec1387a105582b336aa15be6f73d234925c27cd5cf8ca769a660d20aa6dbd05ab74c210a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\et.pak

Filesize
132KB

MD5
55779fff2b4d16ef0bab4c640a05a3c3

SHA1
aba1f7b0225ff5efb5bf3e50942c7065a501c5c2

SHA256
5b718b692b1ea8ac7688e8125c529475e8150e7e6294b1c56e47e658d3b30ed0

SHA512
991345aec6016cf364117669c16f57543b9fddd6ce11b7d8c854191a02334a00e6c9be17975c1bdcfe57ffd4725cfa686fe6685658f0aa5ae23d1877acd81876

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\fa.pak

Filesize
171KB

MD5
326b9bf016aa91eb7c9a613cfbdde4c9

SHA1
1e05433bb162c3e803d9aec71b8da6973d76bbef

SHA256
8b48a8f73774eb8e917076d43f3e6bbf404f3805dd9bc889746df7411c19ad03

SHA512
e08a3c4d3e513989442483c6688227b37342ba18c1c21a20d8eeadb8430c4691ad30cdf20fcc47d1c48cc20ae5430381b18a86533f5c13c37f283270166e54b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\fi.pak

Filesize
245KB

MD5
7b230deafc4992a96aa97a88a44711b3

SHA1
07ba22dadba0f1854d312c24334e6658d56c3f95

SHA256
d53f3f34c607ea127c573f7cd32ec5a910225e8093ad6b9cc69cff3b02fc8d23

SHA512
29e2c852d07a465f06e0dfdf7e8b4ee444c92bc6fcd251ef8c0f154020a0d94f630b8a5b22c19225b3d724e7602504872a098b31a9bd76a9492e9d3ba08f624b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\fil.pak

Filesize
253KB

MD5
9b3600611b4b829b1d7f7d37cff312e1

SHA1
f049aba1b3076b9332d5c458c2a20a3f2b04f73f

SHA256
ff006d048890cb84b39adabfabf9479f17774ff6ddb1504608dee1e2aa335f32

SHA512
eef9abe51f6c95eba6d8099b862c7055b27be116f40ca6d9fc3b6dcf75cd7695d6469e03093832f9c8dee5d86a0d031a6f06c266f38e8ebc109a0003b1232860

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\fr.pak

Filesize
183KB

MD5
cffe99ebe93634881fd2750e467be77b

SHA1
ab81c2c6f51fb79cda49c7b33ff42df771ef475d

SHA256
d5b1e5d97fe656566a3a9c844c4d1e1f95a6de64665e29867dcb7367c873216d

SHA512
976fcbf01e882f2efbc9620f9c35a70ac178805fcf6c6ae3f67c18d816488c64d8c582d847767e5a31e8a8931bdc36de239d357db547345683fbd86e1ff73774

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\gu.pak

Filesize
171KB

MD5
b93fde411737df6751fe097bdd7505c2

SHA1
5a2972ff93497dd48b232ae2dc219d3fac6c6ed2

SHA256
913f36f23218d30cfad8faa3c5f91058130f44c30d5765e5da048e682aa56bdf

SHA512
e857407d4c76f6d287df40c77df8aa24d795d9125150eb6f5ecf695bb027e8f658c57803a710a2f928bf2f8b42b5df7fa0083661f17ba71b2a2253791d974723

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\he.pak

Filesize
349KB

MD5
f222a7323151fdbbe8ddcb210be4ba68

SHA1
eaebd1086734718da653517378ef2f46727cfaba

SHA256
ee3d521a7dba2f252207b400c53eef6ac794103f0c0f13925040acac7af61eb2

SHA512
9786f50aa4437a49f01e327872b57dd37d8ffc7a25fca53e89b0dddbe6b550db5f37afbfb29360c5e51923140fe321f27a70f77567259bd9912278f3aec5c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\hi.pak

Filesize
139KB

MD5
d1204c4cdfb21e68883e4d4de813f332

SHA1
1d2baf4b025fe094dc74c8d31b7b311545ac6f25

SHA256
ddef52c9bb768a0286f0a6c1fa2553b16d5c560b93b88c3138e902d4ac00d2c5

SHA512
07441a372332cdc78c7bce3d9fda7f5c5d67464d1b91f5329cfc83a79da8915360be246befe8d3dc3ac6c48b3eb738903075340b53004d09e7e5b6084c403deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\hr.pak

Filesize
192KB

MD5
8e69fd5275eaab81f190fc6e9cd50575

SHA1
0f41318638ce703b609e9b9363f948a06ce77099

SHA256
366189996ac2c0ccfbca62e239971e471f0f05363d4cd418f4a7f21ecf3e6b1b

SHA512
47dacd09c8ae058240f8b2dc4b00c2ae5fa423b5c409606f794f4fd1a6c6772d21184e0be9ee88373dc46a6f47135f55f215e68cd4011ccb6919af34ab84c772

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\hu.pak

Filesize
192KB

MD5
1906f104de04477536ed1e2400fb1696

SHA1
a9cd22c5d4f3ef136cfa75216ba01c74712f24a1

SHA256
c3ee97b75c7bb733ac2367ed45f24b549f31ce616169d9c508fc152af6daf39d

SHA512
57403e2fd66339c58bdcd435eae599d6f695392f2a3d301d4472c0eb99e361002a918baaff21b2f44c43afa7a5773158a0f392642af654bb48c55622da3ad412

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\id.pak

Filesize
211KB

MD5
eac2cbfb73f994aebd5dee785aac88df

SHA1
252555ee1824490c454b6f31545d322934d7494c

SHA256
9cc4f13786912562359a5672d40347fe24418b4f784b81ce3b059d702668cf77

SHA512
04353052e328a468b826b38476c8199e89e5ace25be47e7e663c0387709b60b633a04891ccd809e4bd3493ab469c46215d60404fbd0b22a138e74e26301739ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\it.pak

Filesize
171KB

MD5
047426433bd1227736ad39aea4a9168a

SHA1
08f28f75c065d3b7640ce33014405834201c01a6

SHA256
f5690ddb2616e694d2ebff9e2db728ee5f4418f1c601dcccb4ce9e489b4124c5

SHA512
40b1c6d2dbfdfd9974b1e3f15006619f3e8be397c0d763e80b4b92953024f44fe8c39f5a067331bd1f7db0601186716a19705c1ab5f3f3cba8015ea415b71cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ja.pak

Filesize
206KB

MD5
23278610f67863e7ad5b513955953517

SHA1
4feb93a55ee32e4daf1cc218a21d8db475a4a29e

SHA256
6a3f254f95fa44d0fdecf41f6cf37fa9e9f67086e8df7b967352ab50b158824d

SHA512
76fdb85579f8135913e64fc3818797f1e913cb553528fb50d320345e9dd9378a6259d1a08cf51dce4ba50a67e1475bc9720c1f881db5b5d066030c6bb3866001

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\kn.pak

Filesize
200KB

MD5
f0e34acfccf7b273677936a1cf4b07a8

SHA1
068bda2053018e00dbec94a98c56075d0a7fd764

SHA256
bb4341999194a76fdb3f6dc63c88e124820be715ad0b644e1112a79118483374

SHA512
b9c5131c181dca82c24aeda188294d79648fe09b1735e32784d77b93b799ff3284757fcf6f2244f5678eadaf814564b1d874bec5f258c257b1b0fa05f1a4cae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ko.pak

Filesize
326KB

MD5
2f648dcc267f42541f93688d551172c9

SHA1
0f9013dbdd395f32cbba868420900cf735a708f9

SHA256
9a5927b89de350f5b09754ed70e7b3d98fbc8cb5942dc1ca0cc5ef8f178b4e29

SHA512
8f15adff6a009705dabd9e3f51dfd219acf9e595cdfdcba049f5c9ce21de08bf50c6e7547528501e3a8e17f545eed37f1f6fe57450a10f14aea14cd2b9d81b11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\lt.pak

Filesize
145KB

MD5
87519433ca3e487b0a8108551571939a

SHA1
f60590d9ee2f5e7cc9ebacb4bd8792a8ebe1aa56

SHA256
20eff710dbb41b08c3281f4462a6603c7ee546c7f015c53127dbac795fe7108d

SHA512
2728376a53ceee0d9faed972a3fe7e085a5a77ab6677dfb93745325b228b4ab0f461de926d74fc2dd16e275c57030ecaa29d898475c75d41ef9a7abf6f56f494

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\lv.pak

Filesize
384KB

MD5
8f5f63dbf1dd4eead87d8988611b1f5f

SHA1
e7a7d3ea28e1a8c1b6607bdb570e5fa9ae39fb92

SHA256
c7dd51e57c162669ac4bbfde512758c71721092f7a5bff2f8d8214a43c7f38c1

SHA512
9c4a3b491931f710261557de1538607ebac5776c46069910bc546e098e6c167de3ed318e549b6f37bd19845c6a95fd13a20533eec90b11348ace88ba5a875a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ml.pak

Filesize
391KB

MD5
da5b4eeb511e4d244c9a593c2859c8d9

SHA1
b638a41aa05b07501f0f267bc365630b6a3abe58

SHA256
078dbda9b9185bd0d82db9d9a9661f1f4803fb4be1a221ccef6ba7a28115ab2e

SHA512
4842e59d152cb6365b3ad493f50e06ec4c997f475e1aa675321d8fa5ef2a73ee0931f023255ec933971e4005027103a5b24f76a4ff4c9ba6136efe14b88675dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\mr.pak

Filesize
223KB

MD5
854d04417ad862d1582296d585ff6455

SHA1
cd0c42dcb6d4794a18d1ff37082fdbbcce1c867d

SHA256
235cec9d36a22fa280e7b8835907563d363d0e8dbd3bec1d7bccfd3d3d0a35d8

SHA512
963030ce10b0de60cb1d4e4ef7bc4846f7095403290125b57e59b82d81f3c7da65f8c31c2d77534481be7f8cdfff9d9cb7eb122a885812a4950a169ecde62d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ms.pak

Filesize
305KB

MD5
b098c80a28430069f3435533a1bdb297

SHA1
786f42bace571c12b5ce621caed7b185fb19cede

SHA256
a1c6ad0e9de425850b5c2a2534d755566da89c34238e36f781163621c16347a0

SHA512
62d6a121c3ce017fbf0b5bdbf359095c7ff0e9fb8cce9a4f25a1ac03938c173acad58c10752828a3dbb0b1bfdd04b60325dd9101626815cd010d3811622d4a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\nb.pak

Filesize
203KB

MD5
4b74c7f578be9c22b690cd0feb87b51f

SHA1
61a6769770f1f9aa838b7536a75b156455a2f537

SHA256
fc85e569fabbe61ba67ce406587da364ab3f40cf6252a716c941951ec3ce4ff0

SHA512
19a88f606bbb00b8623160a9a2067608371940a9cacdbc26688f9527783f9f904daedcbe1aafebd16b667fc266f5aba9fe4bb1e5dab322e7e2b11d789e8fcd08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\nl.pak

Filesize
423KB

MD5
35dbd143ea68c13b696743d2e312a99d

SHA1
d0b898a41e6bfc7af8b64ee09c97352ea582333a

SHA256
db77c766e73ad5a9f5d2dd772c669293f6e6a457865e7e3ea47db380bda4c976

SHA512
9aedc4503dc21578df6169175368b7026bd8c4af6b9f6f12e9e5152d365917f632c2713b197ce2cec2c9319cc1bd4cfd5b1f1cbeef942983ad9099d42d474aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\pl.pak

Filesize
413KB

MD5
5745f76ca98c734fef6ccc32a530df7e

SHA1
5b82b6f52a63ced144b3102d3e734493a1dc1d9f

SHA256
587f5d719e39e8acc3b09cc0dda05c2158cd8e28f9724fc5c7e4ed715a22abde

SHA512
e1dce613218a796a9353fc0458963c65e3efef569980f805a7105cf7fd82a6f1f29271d7e5035cded6bd71fb319d981b384a9247de6fad56699fc01ae6a7a87c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\pt-BR.pak

Filesize
132KB

MD5
9f86b7c8424a9d281a3e22bfe97e207f

SHA1
7e322a6fdbd4665d670fb9a8d48752bbabe3c523

SHA256
dea8bf72010c5aa00c1531a3cac3a2c44b8397fae02f38f548a2863ae195ec8a

SHA512
65654571002ac913c8e4358973bd2d9e33d5fec283408122a58c1ed0a8246829423900bed8426290c658cdb8ad08558ebbc2acf011bfbff090f298beb2211ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\pt-PT.pak

Filesize
400KB

MD5
3db887f8dab5117460c4b89e7520e9c0

SHA1
87fa797212ff8611e82d533a8a82c5c1216ebb1e

SHA256
084f701d3f893fa57e1d346d9be90b5b2f34f04b4800a323fe5ee9389d7ca750

SHA512
1daea83b20ed070fd29f726b2032ee32c63e350d9da8ed343a6197d8f17ec2d7c444f1fcad96f4d66547ff35ff80de0fe73994b55933bdaefc8861edab7fa2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ro.pak

Filesize
445KB

MD5
195f9b31d9fc364820e67b21e5594256

SHA1
4654af58c6be57606c70ecbaec45acbd5a8e133c

SHA256
0c20bc4e758b71cb24eb3e57a10879b5f9e033798b3ef09be57b52bb147c3742

SHA512
89e47fbcada4b8cd016847a1b8dd60701a0b43cb12dec847e5dc34fc4d0621cf3b20a2cfb71eb2b4f1b8e3dbeab27b01a3c12cfd16e18112601cca3e8f1ba34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ru.pak

Filesize
279KB

MD5
696e3431d664970f62af83a003506514

SHA1
07ce280cd29cf6ecd88986462505fa6d81a85d83

SHA256
0a7e099edf626f34c5f465c9468c72a6161793809b096f8438af46e1ef2c09dd

SHA512
c714e92ae59697ecf2be7d6e4ef629cba0a8150d6d6c1465739fa296ddd3a2397f33ebc16209dfc47eeec9f924eaa57c980d843a79b71997baaac80cfc3cf1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\sk.pak

Filesize
376KB

MD5
992048ea6c57130f3e783c9e4db6f89f

SHA1
b6421bf8a9a69b1557e1539cbaa951bf6d924a43

SHA256
d88ad43551e3507333437dac620ed622050fb4f9eb5e4984150845b8c5df4db5

SHA512
a5e19cc0fe284151bd63419ce24b022ea72e12f05bab162af2449b2745ecbf42bc282303b74399481c6e44a67d344b11400cd83e4581c61a13bcfabe44778883

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\sl.pak

Filesize
523KB

MD5
0173a25ffcbc7640510c4d9213b9fe21

SHA1
09769770739a348e49d58f7db62e681394e2ba93

SHA256
6095d767ab35c62ee6266cbf32398bdf251dbedcb7c183037543c48125cd2017

SHA512
a947d6eecfea533aa8310241113cb73b02fe14676b8c2acfba354fed2e96a0065700f2a8771703195d9d15876df4e628e76829941485628584c297c21c9fb0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\sr.pak

Filesize
562KB

MD5
6ac108b691ca3d27f7575770e9d13775

SHA1
fe57f6805396c7520c853fa3f58f76146c11686e

SHA256
c11c2507481ae876ecb59e72cbf65f0e26262006f7ddf0e91e0623f0003e72cc

SHA512
7843c999a763554fb43c0de455cc461ada14ce306faf1e782fedf5312f8bb6eb0237af8ca67d820e09ee90aea8e5ed6e189e82e78958a602cc376488ae443309

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\sv.pak

Filesize
439KB

MD5
06f3ca8df12476fe132c141b432997b5

SHA1
e759e2822aa745b99f194468fd52260f2023e34a

SHA256
04e271e27d9ab13e4f9dae055bc741cd1a286211d9b52c5c5bac42d80a7adf31

SHA512
970b2c16ca0d6942fa227bb08b6d7d15bed843b660f36bd77cc8db5910aba1e47fe08e018cfa40de0e7b20f77706b5b9de1230c862ff8e5301ff593145715729

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\sw.pak

Filesize
335KB

MD5
fdb44f6f219f1c33bab52067fd6ae284

SHA1
30acfda29875ba3e570310eaf6aa3bccea822cbc

SHA256
f25e540096313abbcbca0b0508b06c8a9bcb7031de1b6922bf0b991a00dc0533

SHA512
e3e7edd8d9fdebb7b14d6674a964ca13fe3d727023950ffb4a766492f7e39571299639fadc6614d01bafa346bab9968a025a9f9218ece06f2f463ca014197f11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ta.pak

Filesize
336KB

MD5
2d3dca4bbae90564615aa487c6999979

SHA1
4da50e4c1e6cd6f3705f31f336a4e4f895855935

SHA256
8669d22fcb46487c9507423c9fd771fa7b01e5c98d5232ec91e052f2f1ec62d0

SHA512
30648637011c981b459c7cb9f631e1e79283b1c71c0bacaf3a50f7472ea341f77951f786d18739e0928c5ac0775897629aacd180b79cbcd31dd0d3d74931478a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\te.pak

Filesize
290KB

MD5
90b5d6646ce742a7a38ef7c45be068b4

SHA1
9f998ed588eb6b4569632e50c4dd46a703796b9b

SHA256
58b89a194ab93df5f7279abdcd8a619a047269b31f2fea32691e214d9a004c20

SHA512
bedb569376382a2c49e4fa99f3110b7a899d24525c9f343d2bf071dfafe15c3d152f561bd8dc33b95f435d7f3adef38906725dba3189d7dac9af3d41befd66a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\th.pak

Filesize
199KB

MD5
e6cd3e35363edf4bb5aa5f1f2c89c7a5

SHA1
0e3f14f6f7946d30b7105ebfc596138075ce9990

SHA256
d466d66460a0e8a32d6320c11e3e56352ec61afbbe5e9d23a3e7c0f218319c94

SHA512
f2105a66d55930a9ec92dea071a209fc92f5fee872dbfdcee4984b1dfaeefcd0cb0f6f7330400197b90cb56b03f9fc835024272719c81e1429bdb70b3775b016

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\tr.pak

Filesize
281KB

MD5
39164c5a9007715e09bbf5347643b4e7

SHA1
b3df5f7bbcf4478b3c0a34d69d2160a9fa1ef7f4

SHA256
8a7df3621daf6ae1dd2159f6306b1f830016df98a4cb6a203e412d2cd6112da8

SHA512
9af185fb0ba918d186063b7dd1b9a0b914a77f77ddd7271e6a598fb6448b7897be49212e354fb500537c610a173d75952c3a0a2f0fd0011b22146e8cc7a119c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\uk.pak

Filesize
139KB

MD5
53a783fb3b7b84e315039488abeb481b

SHA1
aa4863f1c6e28caf566f877c241210943d20ec75

SHA256
92ed70cf9b46c67d871b7f12646cbb8d4a2d9732fdb2c0060aaa146a429e003e

SHA512
e0d79ffad0da3846fbbf2f7d52bb1133d38e14b3eb8a2d3fb37f67e5c9d4c43eb90b7a40b44811804de55771c01f9a99c7d553fee441dab75c58fc0736bfea20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\ur.pak

Filesize
54KB

MD5
9f7baed8d61064039ecf07babb3fbc28

SHA1
2228a9ea0dbcb0f5a74aed68c97e2d8602adc266

SHA256
9eaabfd5e01d3c0e02283a965b78bdf34d8736cbdb9b3bc82e1e28779b35cea2

SHA512
d7677e172b87c57c557a941189ea4da527b4991db6cc3952c44057c4dc4440d6f1a69106bff8443245efa7eb233959539336fb7c5ea8035b99b9a43172330ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\vi.pak

Filesize
105KB

MD5
52edf15363fe6bd5aa04965d70969107

SHA1
786cc44bf5b7aae5d1e5921a40c0673dc8e269a7

SHA256
3b594bbaa1b8fa8b361daeb1014dc8a3f8940eebf72d923ecbbd066725ec79bd

SHA512
50b44ca3a8997decfc67559ffdb22301d30f7fb4df09af5344e0d0a5ac9f3b14256dfa22f1a3885c23fec37246bb58d01d1468f3fbe77a3c714449570143cd1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\zh-CN.pak

Filesize
105KB

MD5
0cccfb2790cf653a50e936f6c2d310b1

SHA1
81748e1dd44077fd7c38ce1e8d8580fdbe364afc

SHA256
28b0c7e5c22d7c0754bba330d946a52ec1450f5856797a6ea3251fda3b3a5696

SHA512
6c01a98dc9da2356e240d6975b56aae222edb39c183bf0f4989a11e293d5c2686aa98e36dfeb10774b1cb0d873052f075acc5f97553848c3fced22844c8d78f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\locales\zh-TW.pak

Filesize
88KB

MD5
b5624788eb77a7c5764ce681c130b953

SHA1
a9a7926645acec1661fdad3e5e41c3917690cd9d

SHA256
6e2538eb6f471cc420017172eb8fccc9bf7ae1eeb9b27900032b347e9e9eed5b

SHA512
958e5718d0e6faa29e52b073d861e947f1e615dfe84e7c9e854418a7e5cace12241839ec3580b85320fb251fbe493f7c1a8fa5682137492634c7d57f20f34694

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\resources.pak

Filesize
599KB

MD5
c2debb56a51c2525f9f02e7bbc9c7a9f

SHA1
07d22fc1e81f7066583b0633e66ed894774f0df4

SHA256
5c053d1681b9a124c95895e940e6c78da490f472bfed25c144e4565bfc6346da

SHA512
6457a3d2fe75fafd1ef5513600dc9ce270acc6d9d675ae5ddafb5080799d8673ae657176c589b6dea4776c97623bc2df1b1f081edc05b8e7fd1a9843f8297397

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\resources\app.asar

Filesize
41KB

MD5
0820a58438a67be3c9dba4e6a2da9f92

SHA1
2071e619450aca6b9490fac6394d9a1f2142880d

SHA256
0e82edd5ba3f5130a1d6ed8aff1b7bc333e136c0ba5a5b3be72d921a7bffbbc9

SHA512
7a0e0753bb2906ac805bd881d662f73c1a581f5108ff5590605f76a2677e714660014a6a8b8682796212b34dfc5127385adaa23ba36e2736f462694d5dcd26c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

Filesize
350B

MD5
8951565428aa6644f1505edb592ab38f

SHA1
9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2

SHA256
8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83

SHA512
7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Filesize
3KB

MD5
d226502c9bf2ae0a7f029bd7930be88e

SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b

SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f

SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

Filesize
13KB

MD5
da0f40d84d72ae3e9324ad9a040a2e58

SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\resources\elevate.exe

Filesize
77KB

MD5
9d0c7f38098a34950dbc250e7782eca8

SHA1
61c8e5890e85b92c6f391d0bc8b837a8f3524d35

SHA256
3ac19abad1b7e3bf883ad628af598497fc0c7fc4ae093c58597170990c9411f6

SHA512
4a44f3d083eb33d5eb6db71b15f9faf0252e9b2d9e35949699ab1b78418359d8268f1a3aea5ec16a9f9568042d557e39855a17c4ed405d7b69274f30bd7282a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\snapshot_blob.bin

Filesize
270KB

MD5
d20922aefcad14dc658a3c6fd5ff6529

SHA1
75ce20814bdbe71cfa6fab03556c1711e78ca706

SHA256
b6bea91727efb8c88e7c059856553d3a47abd883e60dd60efc01b04dc6eec621

SHA512
dbd63a9f01feb3c389c11b55d720b5d689558626041fb1dd27ded2be602e5e2a8d210f785fde025d7b9959f81de3df7fef06981269b58be564df05aec190dd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\v8_context_snapshot.bin

Filesize
624KB

MD5
4fcbfaa5dcb114fb79c1004c82500f42

SHA1
694412e2415f3f205bef2e5961107582b53cd429

SHA256
057bd984f460d6f8a9344a90e7a78ec2209b9429371ece36ab3bfbc547821985

SHA512
1602327a4aab9931c913ee2da87611aadfceb4cb8f8f6f876edd06102d11c07b0f44e7fc6618eab47fc49801f0343bd63f1ef71ccbfe5a01ed3d810aeb9c6701

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\vk_swiftshader.dll

Filesize
439KB

MD5
a2e220cd47e15923a8f1e034e5ba1c8a

SHA1
11200a3214446a120a1b4425235dbe3f5b1afe40

SHA256
d6828180b40535a7f79b53837a812c2e14f4cd1fad843d095b6863e99e4857b1

SHA512
f0838b4ff55056e1930a66e1a7a238a41b1ef0551b194dd49761e35ce5b95dbd155309c451412a244391e27d6eafcfe65c1586748ee8f9da11cda4f3b56b40db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\7z-out\vulkan-1.dll

Filesize
540KB

MD5
bd5706da70dfb01961fc6d55faf16980

SHA1
c041d52186744e9c7b7e31cb6405bbb3220781fa

SHA256
a7983ec86645a27d89624c16f164b9ac99da609fb89cfdf42ea4299871150fba

SHA512
8a05b95e1be4c1ffccd5fc3b04476925cf15402dadf6852d8119750d9ff3ad972cde504d88b69a30c6e6fdcd26a1556c56c740f6c1096ddf9c85376943d307f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\StdUtils.dll

Filesize
5KB

MD5
9d26564878fec82731cb57f999556903

SHA1
e6067c44a255bde9a21cf68502d4dc0a1e827348

SHA256
339cf554edbf6314d6a9cf6f3ae9fbd5c4daa1e66a8ac55a19b262ab22c6b332

SHA512
5175fd2a4209d4e5d54170681fb381bf7a373bdf5d0b7bbc4c9d468b00a8c8241a20dbffe811086e5c3b9e1f8a2317a14e0be5afeba7591d5fe3aa1037c83e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\StdUtils.dll

Filesize
38KB

MD5
eeddd6de1713451551d8a309b13b0e78

SHA1
062d2030c2e5e57f00bfe6c36eacdc7b7a6dfd03

SHA256
e2c1283a5770aad41594a8b5c4e08218da65e4a0e2b0cb523c1c28c53f9985ef

SHA512
f5680af98ce5ba26c5841686eb00a51473a7d3ebbefd3fb7f75731da45022c93448ff25aa10db485b46b98e0e915c35bf8abdfaf1a424bd11578c051ec9e708d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv4816.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBFC6939893431D92E76447F3D4CF.TMP

Filesize
1KB

MD5
a6f2d21624678f54a2abed46e9f3ab17

SHA1
a2a6f07684c79719007d434cbd1cd2164565734a

SHA256
ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

SHA512
0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Filesize
12KB

MD5
ced25fbc522dd2d7b6eee93ef83fa861

SHA1
1f443914c7b2f4403b0e00b69c534e45e5b597b1

SHA256
014a6cbf0f71bca1d640c377b03234f561899e9e9c2726df94a901befaeb2020

SHA512
96d3e0c67cc80d59b953f4c75652b7656746b12c647cbfe7135cfc34889442031082c4a8d7ca3b1320533f39719339b83c319b89dddd242d3476ee0842e74e09

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State

Filesize
300B

MD5
952a480341842a091cfb47b0841ded31

SHA1
f31310a1c128c390cc2a50633b7944793b612f11

SHA256
57f077ac88d29f64101ff8c2eeea74f6fafdaa6a709588b557d3308c96cd0162

SHA512
8f497a545a17a95d641bed5af5021e1632b9029e1a62b6365f563cc31149912c5d47d75ada3e22a80c8aff9a2f0548ed6be1b9b2c26b3d0419582dc1c0b9624c

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State~RFe5895c3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Filesize
12KB

MD5
67180a92048114e7c613bf2ea82c527d

SHA1
3d90fb6990b5ebbaa74fb50825ef4cdacfe4d86f

SHA256
d023bafc7edb7630963e69f0762216157b35bb55d25cd5b9831ba26a114d4463

SHA512
a84211724f426bb7085c56ad28687f053515495a643e99a20ac7c004be4483f01f1ccc173e32ad1bd0d5b5f669f318234571b6b6c04a8e1ca414e96421a01a6a

Download Submit
memory/644-869-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/644-812-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/644-863-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/652-939-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/852-886-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/852-881-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1344-926-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1580-851-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1624-799-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1624-850-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1892-943-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1892-899-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1904-904-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1928-821-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/1928-820-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2004-793-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2004-790-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2012-782-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2012-836-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2056-784-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2056-841-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2224-903-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2224-856-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2364-1872-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1877-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1881-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1880-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1871-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1878-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1876-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1870-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1879-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2364-1882-0x000002C6DE450000-0x000002C6DE451000-memory.dmp

Filesize
4KB

Download
memory/2464-864-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2560-922-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2912-747-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/2912-735-0x0000000000E90000-0x0000000000E9A000-memory.dmp

Filesize
40KB

Download
memory/2912-746-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3040-915-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3040-918-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3056-736-0x0000000000DE0000-0x0000000000DEA000-memory.dmp

Filesize
40KB

Download
memory/3056-748-0x0000000073550000-0x0000000073D00000-memory.dmp

Filesize
7.7MB

Download
memory/3056-758-0x0000000073550000-0x0000000073D00000-memory.dmp

Filesize
7.7MB

Download
memory/3056-737-0x00000000055F0000-0x0000000005682000-memory.dmp

Filesize
584KB

Download
memory/3056-745-0x0000000005730000-0x00000000057CC000-memory.dmp

Filesize
624KB

Download
memory/3172-874-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3172-871-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3396-805-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3396-808-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3600-802-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3600-803-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3600-759-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3908-936-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3932-842-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3948-895-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3972-776-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/3972-829-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4028-830-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4032-932-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4032-889-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4144-817-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4144-868-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4264-894-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4264-847-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4380-913-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4468-930-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4584-910-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/4880-944-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/5032-859-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/5032-749-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/5032-906-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/5032-837-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/5092-879-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download
memory/5092-876-0x00007FFA5EB50000-0x00007FFA5F611000-memory.dmp

Filesize
10.8MB

Download