epsilon | f9cf48c044d90c94f4814a0577cc36a7ba1ac5dbc9652b2e0e498162a042494d

Analysis

max time kernel
150s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-03-2024 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.exe
Size

72.0MB
MD5

043e915471323e762e76803853cda28e
SHA1

8ec1f578b126764217dc696c82a2e0dab6f3b906
SHA256

3b6c17f5720f2db7a5b695486da9f5d298c35ab9a274a5760f5191d24f3188bd
SHA512

f61d0c6408f0be97519ef8127f5130b28965272c15124a3953a9579bc8e92c79dadbfcc92f5b520a745736a218995be98245654440fd794d4085410eea18bb00
SSDEEP

1572864:FejOS3vf8SEuUfuVpWO9cC4LG8UzK+uxoG+YYfeGn+yn0N:F+HEWp0C4LGnsX+YYR+dN

Score

10^/10

epsilon spyware stealer

Malware Config

Signatures

Epsilon Stealer
Information stealer.
stealer epsilon

Executes dropped EXE 64 IoCs

pid	Process
4988	Launcher.exe
2204	Launcher.exe
3028	Launcher.exe
920	Launcher.exe
4684	screenCapture_1.3.2.exe
3988	screenCapture_1.3.2.exe
1508	screenCapture_1.3.2.exe
2664	screenCapture_1.3.2.exe
224	screenCapture_1.3.2.exe
4892	screenCapture_1.3.2.exe
3132	screenCapture_1.3.2.exe
2480	screenCapture_1.3.2.exe
1624	screenCapture_1.3.2.exe
3436	screenCapture_1.3.2.exe
4124	screenCapture_1.3.2.exe
3224	screenCapture_1.3.2.exe
4020	screenCapture_1.3.2.exe
1540	screenCapture_1.3.2.exe
3360	screenCapture_1.3.2.exe
2664	screenCapture_1.3.2.exe
3992	screenCapture_1.3.2.exe
2800	screenCapture_1.3.2.exe
3648	screenCapture_1.3.2.exe
4240	screenCapture_1.3.2.exe
3488	screenCapture_1.3.2.exe
5036	screenCapture_1.3.2.exe
4696	screenCapture_1.3.2.exe
3716	screenCapture_1.3.2.exe
3036	screenCapture_1.3.2.exe
1872	screenCapture_1.3.2.exe
620	screenCapture_1.3.2.exe
1900	screenCapture_1.3.2.exe
3932	screenCapture_1.3.2.exe
1996	screenCapture_1.3.2.exe
348	screenCapture_1.3.2.exe
2380	screenCapture_1.3.2.exe
3988	screenCapture_1.3.2.exe
3772	screenCapture_1.3.2.exe
3312	screenCapture_1.3.2.exe
4452	screenCapture_1.3.2.exe
2704	screenCapture_1.3.2.exe
4408	screenCapture_1.3.2.exe
4872	screenCapture_1.3.2.exe
3384	screenCapture_1.3.2.exe
1452	screenCapture_1.3.2.exe
4612	screenCapture_1.3.2.exe
236	screenCapture_1.3.2.exe
2660	screenCapture_1.3.2.exe
4288	screenCapture_1.3.2.exe
2652	screenCapture_1.3.2.exe
3184	screenCapture_1.3.2.exe
1116	screenCapture_1.3.2.exe
2256	screenCapture_1.3.2.exe
3924	screenCapture_1.3.2.exe
3204	screenCapture_1.3.2.exe
1220	screenCapture_1.3.2.exe
2496	screenCapture_1.3.2.exe
2748	screenCapture_1.3.2.exe
4620	screenCapture_1.3.2.exe
1140	screenCapture_1.3.2.exe
1788	screenCapture_1.3.2.exe
3132	screenCapture_1.3.2.exe
3964	screenCapture_1.3.2.exe
3408	screenCapture_1.3.2.exe

Loads dropped DLL 15 IoCs

pid	Process
2076	Launcher.exe
2076	Launcher.exe
2076	Launcher.exe
4988	Launcher.exe
4988	Launcher.exe
2204	Launcher.exe
3028	Launcher.exe
920	Launcher.exe
2204	Launcher.exe
2204	Launcher.exe
2204	Launcher.exe
2204	Launcher.exe
4988	Launcher.exe
1896	Launcher.exe
1896	Launcher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ipinfo.io
4	ipinfo.io

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Launcher.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	Launcher.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1740	WMIC.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1896	Launcher.exe
1896	Launcher.exe
1896	Launcher.exe
1896	Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2076	Launcher.exe
Token: SeIncreaseQuotaPrivilege	1620	WMIC.exe
Token: SeSecurityPrivilege	1620	WMIC.exe
Token: SeTakeOwnershipPrivilege	1620	WMIC.exe
Token: SeLoadDriverPrivilege	1620	WMIC.exe
Token: SeSystemProfilePrivilege	1620	WMIC.exe
Token: SeSystemtimePrivilege	1620	WMIC.exe
Token: SeProfSingleProcessPrivilege	1620	WMIC.exe
Token: SeIncBasePriorityPrivilege	1620	WMIC.exe
Token: SeCreatePagefilePrivilege	1620	WMIC.exe
Token: SeBackupPrivilege	1620	WMIC.exe
Token: SeRestorePrivilege	1620	WMIC.exe
Token: SeShutdownPrivilege	1620	WMIC.exe
Token: SeDebugPrivilege	1620	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1620	WMIC.exe
Token: SeRemoteShutdownPrivilege	1620	WMIC.exe
Token: SeUndockPrivilege	1620	WMIC.exe
Token: SeManageVolumePrivilege	1620	WMIC.exe
Token: 33	1620	WMIC.exe
Token: 34	1620	WMIC.exe
Token: 35	1620	WMIC.exe
Token: 36	1620	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1620	WMIC.exe
Token: SeSecurityPrivilege	1620	WMIC.exe
Token: SeTakeOwnershipPrivilege	1620	WMIC.exe
Token: SeLoadDriverPrivilege	1620	WMIC.exe
Token: SeSystemProfilePrivilege	1620	WMIC.exe
Token: SeSystemtimePrivilege	1620	WMIC.exe
Token: SeProfSingleProcessPrivilege	1620	WMIC.exe
Token: SeIncBasePriorityPrivilege	1620	WMIC.exe
Token: SeCreatePagefilePrivilege	1620	WMIC.exe
Token: SeBackupPrivilege	1620	WMIC.exe
Token: SeRestorePrivilege	1620	WMIC.exe
Token: SeShutdownPrivilege	1620	WMIC.exe
Token: SeDebugPrivilege	1620	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1620	WMIC.exe
Token: SeRemoteShutdownPrivilege	1620	WMIC.exe
Token: SeUndockPrivilege	1620	WMIC.exe
Token: SeManageVolumePrivilege	1620	WMIC.exe
Token: 33	1620	WMIC.exe
Token: 34	1620	WMIC.exe
Token: 35	1620	WMIC.exe
Token: 36	1620	WMIC.exe
Token: SeShutdownPrivilege	4988	Launcher.exe
Token: SeCreatePagefilePrivilege	4988	Launcher.exe
Token: SeShutdownPrivilege	4988	Launcher.exe
Token: SeCreatePagefilePrivilege	4988	Launcher.exe
Token: SeShutdownPrivilege	4988	Launcher.exe
Token: SeCreatePagefilePrivilege	4988	Launcher.exe
Token: SeIncreaseQuotaPrivilege	5004	WMIC.exe
Token: SeSecurityPrivilege	5004	WMIC.exe
Token: SeTakeOwnershipPrivilege	5004	WMIC.exe
Token: SeLoadDriverPrivilege	5004	WMIC.exe
Token: SeSystemProfilePrivilege	5004	WMIC.exe
Token: SeSystemtimePrivilege	5004	WMIC.exe
Token: SeProfSingleProcessPrivilege	5004	WMIC.exe
Token: SeIncBasePriorityPrivilege	5004	WMIC.exe
Token: SeCreatePagefilePrivilege	5004	WMIC.exe
Token: SeBackupPrivilege	5004	WMIC.exe
Token: SeRestorePrivilege	5004	WMIC.exe
Token: SeShutdownPrivilege	5004	WMIC.exe
Token: SeDebugPrivilege	5004	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5004	WMIC.exe
Token: SeRemoteShutdownPrivilege	5004	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4988	Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 4988	2076	Launcher.exe	76
PID 2076 wrote to memory of 4988	2076	Launcher.exe	76
PID 4988 wrote to memory of 4868	4988	Launcher.exe	391
PID 4988 wrote to memory of 4868	4988	Launcher.exe	391
PID 4868 wrote to memory of 1620	4868	cmd.exe	80
PID 4868 wrote to memory of 1620	4868	cmd.exe	80
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 2204	4988	Launcher.exe	82
PID 4988 wrote to memory of 3028	4988	Launcher.exe	83
PID 4988 wrote to memory of 3028	4988	Launcher.exe	83
PID 4988 wrote to memory of 920	4988	Launcher.exe	84
PID 4988 wrote to memory of 920	4988	Launcher.exe	84
PID 4988 wrote to memory of 1132	4988	Launcher.exe	85
PID 4988 wrote to memory of 1132	4988	Launcher.exe	85
PID 1132 wrote to memory of 3512	1132	cmd.exe	87
PID 1132 wrote to memory of 3512	1132	cmd.exe	87
PID 1132 wrote to memory of 3512	1132	cmd.exe	87
PID 3512 wrote to memory of 2800	3512	csc.exe	157
PID 3512 wrote to memory of 2800	3512	csc.exe	157
PID 3512 wrote to memory of 2800	3512	csc.exe	157
PID 1132 wrote to memory of 4684	1132	cmd.exe	553
PID 1132 wrote to memory of 4684	1132	cmd.exe	553
PID 4988 wrote to memory of 3024	4988	Launcher.exe	495
PID 4988 wrote to memory of 3024	4988	Launcher.exe	495
PID 3024 wrote to memory of 3988	3024	cmd.exe	202
PID 3024 wrote to memory of 3988	3024	cmd.exe	202
PID 4988 wrote to memory of 3232	4988	Launcher.exe	246
PID 4988 wrote to memory of 3232	4988	Launcher.exe	246
PID 3232 wrote to memory of 1508	3232	cmd.exe	559
PID 3232 wrote to memory of 1508	3232	cmd.exe	559
PID 4988 wrote to memory of 4940	4988	Launcher.exe	96
PID 4988 wrote to memory of 4940	4988	Launcher.exe	96
PID 4988 wrote to memory of 3836	4988	Launcher.exe	98
PID 4988 wrote to memory of 3836	4988	Launcher.exe	98
PID 4988 wrote to memory of 728	4988	Launcher.exe	529
PID 4988 wrote to memory of 728	4988	Launcher.exe	529

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
  C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic CsProduct Get UUID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1860 --field-trial-handle=1868,i,1793211234608291039,6647889486615319375,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2204
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --mojo-platform-channel-handle=2240 --field-trial-handle=1868,i,1793211234608291039,6647889486615319375,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2448 --field-trial-handle=1868,i,1793211234608291039,6647889486615319375,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-bv22fy.v7vy.jpg" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3512
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FCF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC359FECD83CAD4B4D879225C1B79F587A.TMP"
        5⤵
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-bv22fy.v7vy.jpg"
      4⤵
      Executes dropped EXE
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4fl947.grqlp.jpg" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4fl947.grqlp.jpg"
      4⤵
      Executes dropped EXE
      PID:3988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-fkk090.sdct.jpg" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-fkk090.sdct.jpg"
      4⤵
      Executes dropped EXE
      PID:1508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    PID:4940
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
      4⤵
      PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
    3⤵
    PID:3836
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
      4⤵
      PID:3260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
    3⤵
    PID:728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
    3⤵
    PID:3100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:1740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
    3⤵
    PID:4408
  - - C:\Windows\system32\cmd.exe
      cmd /c chcp 65001
      4⤵
      PID:3016
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:2620
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:4412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-13uclf5.z0qw.jpg" "
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-13uclf5.z0qw.jpg"
      4⤵
      Executes dropped EXE
      PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-136nos5.i5ya.jpg" "
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-136nos5.i5ya.jpg"
      4⤵
      Executes dropped EXE
      PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-16d5flp.ngwe.jpg" "
    3⤵
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-16d5flp.ngwe.jpg"
      4⤵
      Executes dropped EXE
      PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10ss8bn.fd85h.jpg" "
    3⤵
    PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10ss8bn.fd85h.jpg"
      4⤵
      Executes dropped EXE
      PID:3132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11wiuju.5ms2.jpg" "
    3⤵
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11wiuju.5ms2.jpg"
      4⤵
      Executes dropped EXE
      PID:2480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7v2rdt.uo6it.jpg" "
    3⤵
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7v2rdt.uo6it.jpg"
      4⤵
      Executes dropped EXE
      PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10uzme9.5uma.jpg" "
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10uzme9.5uma.jpg"
      4⤵
      Executes dropped EXE
      PID:3436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-qpurjm.jblo.jpg" "
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-qpurjm.jblo.jpg"
      4⤵
      Executes dropped EXE
      PID:4124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-agampv.hkf0f.jpg" "
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-agampv.hkf0f.jpg"
      4⤵
      Executes dropped EXE
      PID:3224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-wzz5nr.2s99r.jpg" "
    3⤵
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-wzz5nr.2s99r.jpg"
      4⤵
      Executes dropped EXE
      PID:4020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1syvww7.ye5m.jpg" "
    3⤵
    PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1syvww7.ye5m.jpg"
      4⤵
      Executes dropped EXE
      PID:1540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1hraii1.cchc.jpg" "
    3⤵
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1hraii1.cchc.jpg"
      4⤵
      Executes dropped EXE
      PID:3360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4jfss8.jb3ln.jpg" "
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4jfss8.jb3ln.jpg"
      4⤵
      Executes dropped EXE
      PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-fi3w7h.h00um.jpg" "
    3⤵
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-fi3w7h.h00um.jpg"
      4⤵
      Executes dropped EXE
      PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1656esh.ra36.jpg" "
    3⤵
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1656esh.ra36.jpg"
      4⤵
      Executes dropped EXE
      PID:2800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-tmp9cm.x7tg.jpg" "
    3⤵
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-tmp9cm.x7tg.jpg"
      4⤵
      Executes dropped EXE
      PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1wzpslo.4ck5.jpg" "
    3⤵
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1wzpslo.4ck5.jpg"
      4⤵
      Executes dropped EXE
      PID:4240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1eku3pl.ax8wf.jpg" "
    3⤵
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1eku3pl.ax8wf.jpg"
      4⤵
      Executes dropped EXE
      PID:3488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a51az9.t5ie.jpg" "
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a51az9.t5ie.jpg"
      4⤵
      Executes dropped EXE
      PID:5036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1tf499v.1q4u.jpg" "
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1tf499v.1q4u.jpg"
      4⤵
      Executes dropped EXE
      PID:4696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1845290.e553.jpg" "
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1845290.e553.jpg"
      4⤵
      Executes dropped EXE
      PID:3716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1awk6ux.e8bah.jpg" "
    3⤵
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1awk6ux.e8bah.jpg"
      4⤵
      Executes dropped EXE
      PID:3036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-z1xa50.914d.jpg" "
    3⤵
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-z1xa50.914d.jpg"
      4⤵
      Executes dropped EXE
      PID:1872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-12yivoi.khq6.jpg" "
    3⤵
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-12yivoi.khq6.jpg"
      4⤵
      Executes dropped EXE
      PID:620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15madyv.ro7h.jpg" "
    3⤵
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15madyv.ro7h.jpg"
      4⤵
      Executes dropped EXE
      PID:1900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2xqaef.10fh9.jpg" "
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2xqaef.10fh9.jpg"
      4⤵
      Executes dropped EXE
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1b6wmln.zz8n.jpg" "
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1b6wmln.zz8n.jpg"
      4⤵
      Executes dropped EXE
      PID:1996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1o19k4o.12xj.jpg" "
    3⤵
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1o19k4o.12xj.jpg"
      4⤵
      Executes dropped EXE
      PID:348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1but88s.tx8f.jpg" "
    3⤵
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1but88s.tx8f.jpg"
      4⤵
      Executes dropped EXE
      PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1v2ndak.7vdlf.jpg" "
    3⤵
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1v2ndak.7vdlf.jpg"
      4⤵
      Executes dropped EXE
      PID:3988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dgfy70.ggped.jpg" "
    3⤵
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dgfy70.ggped.jpg"
      4⤵
      Executes dropped EXE
      PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10uidfv.3yahl.jpg" "
    3⤵
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10uidfv.3yahl.jpg"
      4⤵
      Executes dropped EXE
      PID:3312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-134bzht.lmxd.jpg" "
    3⤵
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-134bzht.lmxd.jpg"
      4⤵
      Executes dropped EXE
      PID:4452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1a8h3l8.t3d7.jpg" "
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1a8h3l8.t3d7.jpg"
      4⤵
      Executes dropped EXE
      PID:2704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11tq99f.l1f1.jpg" "
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11tq99f.l1f1.jpg"
      4⤵
      Executes dropped EXE
      PID:4408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-mai41q.asj7.jpg" "
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-mai41q.asj7.jpg"
      4⤵
      Executes dropped EXE
      PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-nke2ai.uc24b.jpg" "
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-nke2ai.uc24b.jpg"
      4⤵
      Executes dropped EXE
      PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kix9y3.ihx9e.jpg" "
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kix9y3.ihx9e.jpg"
      4⤵
      Executes dropped EXE
      PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ahjoty.8c1ql.jpg" "
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ahjoty.8c1ql.jpg"
      4⤵
      Executes dropped EXE
      PID:4612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2ll13j.cnihu.jpg" "
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2ll13j.cnihu.jpg"
      4⤵
      Executes dropped EXE
      PID:236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1i0zx7d.up38.jpg" "
    3⤵
    PID:788
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1i0zx7d.up38.jpg"
      4⤵
      Executes dropped EXE
      PID:2660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1f1uxo9.6v4b.jpg" "
    3⤵
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1f1uxo9.6v4b.jpg"
      4⤵
      Executes dropped EXE
      PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-oirdcr.at24.jpg" "
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-oirdcr.at24.jpg"
      4⤵
      Executes dropped EXE
      PID:2652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1erzwz6.8w7.jpg" "
    3⤵
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1erzwz6.8w7.jpg"
      4⤵
      Executes dropped EXE
      PID:3184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kse91o.3r9t.jpg" "
    3⤵
    PID:4400
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kse91o.3r9t.jpg"
      4⤵
      Executes dropped EXE
      PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ov97ih.loi9p.jpg" "
    3⤵
    PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ov97ih.loi9p.jpg"
      4⤵
      Executes dropped EXE
      PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-owekd2.vttwi.jpg" "
    3⤵
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-owekd2.vttwi.jpg"
      4⤵
      Executes dropped EXE
      PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bgo1yq.da44h.jpg" "
    3⤵
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bgo1yq.da44h.jpg"
      4⤵
      Executes dropped EXE
      PID:3204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1pt7i80.oj2u.jpg" "
    3⤵
    PID:2656
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1pt7i80.oj2u.jpg"
      4⤵
      Executes dropped EXE
      PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7tcslw.r0ik.jpg" "
    3⤵
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7tcslw.r0ik.jpg"
      4⤵
      Executes dropped EXE
      PID:2496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1s9rebv.lfoe.jpg" "
    3⤵
    PID:3860
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1s9rebv.lfoe.jpg"
      4⤵
      Executes dropped EXE
      PID:2748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-v2dk4p.zsnkh.jpg" "
    3⤵
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-v2dk4p.zsnkh.jpg"
      4⤵
      Executes dropped EXE
      PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1f0jjpc.2ljl.jpg" "
    3⤵
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1f0jjpc.2ljl.jpg"
      4⤵
      Executes dropped EXE
      PID:1140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-omcf0i.68qrq.jpg" "
    3⤵
    PID:3352
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-omcf0i.68qrq.jpg"
      4⤵
      Executes dropped EXE
      PID:1788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ymzbqc.wyvm.jpg" "
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ymzbqc.wyvm.jpg"
      4⤵
      Executes dropped EXE
      PID:3132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-182qdf6.wjfm.jpg" "
    3⤵
    PID:4704
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-182qdf6.wjfm.jpg"
      4⤵
      Executes dropped EXE
      PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ipgfuz.sd34.jpg" "
    3⤵
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ipgfuz.sd34.jpg"
      4⤵
      Executes dropped EXE
      PID:3408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-t3udt9.1cym.jpg" "
    3⤵
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-t3udt9.1cym.jpg"
      4⤵
      PID:2400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-elv6hc.31v9e.jpg" "
    3⤵
    PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-elv6hc.31v9e.jpg"
      4⤵
      PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bwaw9u.qbhg.jpg" "
    3⤵
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bwaw9u.qbhg.jpg"
      4⤵
      PID:4088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15hc1zw.gf7ql.jpg" "
    3⤵
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15hc1zw.gf7ql.jpg"
      4⤵
      PID:3688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ibt6h.v9z6o.jpg" "
    3⤵
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ibt6h.v9z6o.jpg"
      4⤵
      PID:3100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-16byb69.rits.jpg" "
    3⤵
    PID:704
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-16byb69.rits.jpg"
      4⤵
      PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-zq4663.99fl.jpg" "
    3⤵
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-zq4663.99fl.jpg"
      4⤵
      PID:4412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1vvsk4a.xjyii.jpg" "
    3⤵
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1vvsk4a.xjyii.jpg"
      4⤵
      PID:3516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-w344r4.iooah.jpg" "
    3⤵
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-w344r4.iooah.jpg"
      4⤵
      PID:1340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10nwpvr.94u4.jpg" "
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10nwpvr.94u4.jpg"
      4⤵
      PID:240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rbzpij.7jmjg.jpg" "
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rbzpij.7jmjg.jpg"
      4⤵
      PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-duf88y.quqt4.jpg" "
    3⤵
    PID:788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-duf88y.quqt4.jpg"
      4⤵
      PID:3636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-r9r9lv.cwcq.jpg" "
    3⤵
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-r9r9lv.cwcq.jpg"
      4⤵
      PID:4480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1vekd37.icy6.jpg" "
    3⤵
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1vekd37.icy6.jpg"
      4⤵
      PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1d4a538.90leh.jpg" "
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1d4a538.90leh.jpg"
      4⤵
      PID:3424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-g1b8xh.9svm8.jpg" "
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-g1b8xh.9svm8.jpg"
      4⤵
      PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gtpcha.cyyp.jpg" "
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gtpcha.cyyp.jpg"
      4⤵
      PID:3312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1g9c9yw.vxs7.jpg" "
    3⤵
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1g9c9yw.vxs7.jpg"
      4⤵
      PID:1772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-epj8fj.g46ho.jpg" "
    3⤵
    PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-epj8fj.g46ho.jpg"
      4⤵
      PID:1732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1x8js2q.n9uv.jpg" "
    3⤵
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1x8js2q.n9uv.jpg"
      4⤵
      PID:3732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-nrkpap.dalfl.jpg" "
    3⤵
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-nrkpap.dalfl.jpg"
      4⤵
      PID:768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-au9dpq.fnwga.jpg" "
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-au9dpq.fnwga.jpg"
      4⤵
      PID:968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-xm1ijc.598z.jpg" "
    3⤵
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-xm1ijc.598z.jpg"
      4⤵
      PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-152ovx1.h4yj.jpg" "
    3⤵
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-152ovx1.h4yj.jpg"
      4⤵
      PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-p4wvw0.gids.jpg" "
    3⤵
    PID:1176
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-p4wvw0.gids.jpg"
      4⤵
      PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1thpq9y.6hf9.jpg" "
    3⤵
    PID:1788
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:348
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1thpq9y.6hf9.jpg"
      4⤵
      PID:3132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1syxare.f7t9k.jpg" "
    3⤵
    PID:3532
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1syxare.f7t9k.jpg"
      4⤵
      PID:1612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1infts6.ofme.jpg" "
    3⤵
    PID:4240
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1infts6.ofme.jpg"
      4⤵
      PID:3408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-fcagj8.64jpl.jpg" "
    3⤵
    PID:2652
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-fcagj8.64jpl.jpg"
      4⤵
      PID:2724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dtzi6y.txdp9.jpg" "
    3⤵
    PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dtzi6y.txdp9.jpg"
      4⤵
      PID:2240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1xg2frf.xby3l.jpg" "
    3⤵
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1xg2frf.xby3l.jpg"
      4⤵
      PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sl162h.tb8g.jpg" "
    3⤵
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sl162h.tb8g.jpg"
      4⤵
      PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1y9hluo.e2lwj.jpg" "
    3⤵
    PID:1956
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1y9hluo.e2lwj.jpg"
      4⤵
      PID:3204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bwesfn.pj8.jpg" "
    3⤵
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bwesfn.pj8.jpg"
      4⤵
      PID:3400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dfbg04.yvwzt.jpg" "
    3⤵
    PID:4788
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dfbg04.yvwzt.jpg"
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1p87n29.uclr.jpg" "
    3⤵
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1p87n29.uclr.jpg"
      4⤵
      PID:4868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1nmmnw5.d688.jpg" "
    3⤵
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1nmmnw5.d688.jpg"
      4⤵
      PID:4948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1hfxswm.mkgwf.jpg" "
    3⤵
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1hfxswm.mkgwf.jpg"
      4⤵
      PID:1224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1mew70q.z9bg.jpg" "
    3⤵
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1mew70q.z9bg.jpg"
      4⤵
      PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19tmzcf.h58o.jpg" "
    3⤵
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19tmzcf.h58o.jpg"
      4⤵
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-tr9ire.8ys1f.jpg" "
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-tr9ire.8ys1f.jpg"
      4⤵
      PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-8tvpus.la92g.jpg" "
    3⤵
    PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-8tvpus.la92g.jpg"
      4⤵
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-l6s4vl.k212.jpg" "
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-l6s4vl.k212.jpg"
      4⤵
      PID:2308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-8s3641.dwblq.jpg" "
    3⤵
    PID:2120
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-8s3641.dwblq.jpg"
      4⤵
      PID:2724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yhf598.zniyk.jpg" "
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yhf598.zniyk.jpg"
      4⤵
      PID:3392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-351sye.w7jiy.jpg" "
    3⤵
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-351sye.w7jiy.jpg"
      4⤵
      PID:3552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-h0tea9.4eck9.jpg" "
    3⤵
    PID:4472
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-h0tea9.4eck9.jpg"
      4⤵
      PID:4488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-sn0n8j.ht1a.jpg" "
    3⤵
    PID:5024
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-sn0n8j.ht1a.jpg"
      4⤵
      PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a1a1vh.jfaj.jpg" "
    3⤵
    PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a1a1vh.jfaj.jpg"
      4⤵
      PID:728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-5xeh0t.ifsqb.jpg" "
    3⤵
    PID:3600
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-5xeh0t.ifsqb.jpg"
      4⤵
      PID:3732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ttpr5h.2c0p8.jpg" "
    3⤵
    PID:4872
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ttpr5h.2c0p8.jpg"
      4⤵
      PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-x1dg5v.ds8rs.jpg" "
    3⤵
    PID:2336
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-x1dg5v.ds8rs.jpg"
      4⤵
      PID:1096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jeyhmg.nvn8.jpg" "
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jeyhmg.nvn8.jpg"
      4⤵
      PID:2020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7m8rx4.qg0ce.jpg" "
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7m8rx4.qg0ce.jpg"
      4⤵
      PID:2196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-u8d4kw.axljc.jpg" "
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-u8d4kw.axljc.jpg"
      4⤵
      PID:3024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bgxhjk.j968g.jpg" "
    3⤵
    PID:3948
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1bgxhjk.j968g.jpg"
      4⤵
      PID:4836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7yvsfr.pqprf.jpg" "
    3⤵
    PID:4668
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-7yvsfr.pqprf.jpg"
      4⤵
      PID:1568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kuhofu.3hh6m.jpg" "
    3⤵
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kuhofu.3hh6m.jpg"
      4⤵
      PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rh52ei.816zj.jpg" "
    3⤵
    PID:3408
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rh52ei.816zj.jpg"
      4⤵
      PID:4960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11mwcio.03qx.jpg" "
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11mwcio.03qx.jpg"
      4⤵
      PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4ywm3v.l6n6s.jpg" "
    3⤵
    PID:3184
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4ywm3v.l6n6s.jpg"
      4⤵
      PID:360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-5v4zd3.v5u9f.jpg" "
    3⤵
    PID:1352
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-5v4zd3.v5u9f.jpg"
      4⤵
      PID:5116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ckgwus.1sccg.jpg" "
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ckgwus.1sccg.jpg"
      4⤵
      PID:124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-sws881.q8dv.jpg" "
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-sws881.q8dv.jpg"
      4⤵
      PID:704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-17ghb4i.iocq.jpg" "
    3⤵
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-17ghb4i.iocq.jpg"
      4⤵
      PID:3236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1wrb35b.htgg.jpg" "
    3⤵
    PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1wrb35b.htgg.jpg"
      4⤵
      PID:4664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-at1zfg.a1qlk.jpg" "
    3⤵
    PID:3516
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-at1zfg.a1qlk.jpg"
      4⤵
      PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sdsq5v.fdgs.jpg" "
    3⤵
    PID:1096
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sdsq5v.fdgs.jpg"
      4⤵
      PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-6gsfjo.fq7nn.jpg" "
    3⤵
    PID:2324
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-6gsfjo.fq7nn.jpg"
      4⤵
      PID:1876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19nd4fs.idmy.jpg" "
    3⤵
    PID:2052
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19nd4fs.idmy.jpg"
      4⤵
      PID:3260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-17ujof0.j1fr.jpg" "
    3⤵
    PID:4892
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-17ujof0.j1fr.jpg"
      4⤵
      PID:1360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1e88468.33k.jpg" "
    3⤵
    PID:2412
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1e88468.33k.jpg"
      4⤵
      PID:4192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ydp7zi.bmkq.jpg" "
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ydp7zi.bmkq.jpg"
      4⤵
      PID:4716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1qjues4.mvqu.jpg" "
    3⤵
    PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1qjues4.mvqu.jpg"
      4⤵
      PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-cpyv1y.zyjoa.jpg" "
    3⤵
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-cpyv1y.zyjoa.jpg"
      4⤵
      PID:4852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1nv29cp.dif8.jpg" "
    3⤵
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1nv29cp.dif8.jpg"
      4⤵
      PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gxawzu.ovqoj.jpg" "
    3⤵
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gxawzu.ovqoj.jpg"
      4⤵
      PID:1992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2s22fb.1i43w.jpg" "
    3⤵
    PID:3596
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2s22fb.1i43w.jpg"
      4⤵
      PID:3288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-162uxqf.5b4e.jpg" "
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-162uxqf.5b4e.jpg"
      4⤵
      PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1u0jmjl.i3wc.jpg" "
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1u0jmjl.i3wc.jpg"
      4⤵
      PID:4408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-f1lb4p.ywyv.jpg" "
    3⤵
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-f1lb4p.ywyv.jpg"
      4⤵
      PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gginri.jdvw.jpg" "
    3⤵
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gginri.jdvw.jpg"
      4⤵
      PID:728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19fx9c.a61fv.jpg" "
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19fx9c.a61fv.jpg"
      4⤵
      PID:908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ujtcj4.22ds.jpg" "
    3⤵
    PID:3360
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ujtcj4.22ds.jpg"
      4⤵
      PID:4948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hrgod2.5dy0b.jpg" "
    3⤵
    PID:2220
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hrgod2.5dy0b.jpg"
      4⤵
      PID:1340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10x7xp3.3vx2.jpg" "
    3⤵
    PID:432
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10x7xp3.3vx2.jpg"
      4⤵
      PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ibvzm7.1ujro.jpg" "
    3⤵
    PID:3944
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ibvzm7.1ujro.jpg"
      4⤵
      PID:4836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2pwgbi.ma0ty.jpg" "
    3⤵
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2pwgbi.ma0ty.jpg"
      4⤵
      PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-115e9nz.c6d6.jpg" "
    3⤵
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-115e9nz.c6d6.jpg"
      4⤵
      PID:660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1p8jo3g.5rzh.jpg" "
    3⤵
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1p8jo3g.5rzh.jpg"
      4⤵
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-vqb5n9.cikc7.jpg" "
    3⤵
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-vqb5n9.cikc7.jpg"
      4⤵
      PID:1588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dfmtry.0yskh.jpg" "
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-dfmtry.0yskh.jpg"
      4⤵
      PID:1508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1i0r0ua.1wzu.jpg" "
    3⤵
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1i0r0ua.1wzu.jpg"
      4⤵
      PID:2776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1lcdj7d.vt9x.jpg" "
    3⤵
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1lcdj7d.vt9x.jpg"
      4⤵
      PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ndaab8.rly5.jpg" "
    3⤵
    PID:2492
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ndaab8.rly5.jpg"
      4⤵
      PID:1552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-121xkit.x8gui.jpg" "
    3⤵
    PID:4408
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-121xkit.x8gui.jpg"
      4⤵
      PID:2440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-x2lie0.udzuc.jpg" "
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-x2lie0.udzuc.jpg"
      4⤵
      PID:4976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jqrfqm.wcoy.jpg" "
    3⤵
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jqrfqm.wcoy.jpg"
      4⤵
      PID:2628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-111vpmd.qr4g.jpg" "
    3⤵
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-111vpmd.qr4g.jpg"
      4⤵
      PID:1808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-gkzrji.tdbf4.jpg" "
    3⤵
    PID:236
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-gkzrji.tdbf4.jpg"
      4⤵
      PID:3776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-9xkvhe.cv12f.jpg" "
    3⤵
    PID:4372
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-9xkvhe.cv12f.jpg"
      4⤵
      PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1assl0i.9xb1h.jpg" "
    3⤵
    PID:1788
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1assl0i.9xb1h.jpg"
      4⤵
      PID:4704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-d9oj0q.eyy8m.jpg" "
    3⤵
    PID:3132
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-d9oj0q.eyy8m.jpg"
      4⤵
      PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1t1g5i3.4y6p.jpg" "
    3⤵
    PID:2800
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1t1g5i3.4y6p.jpg"
      4⤵
      PID:1568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-uzg40l.4w5wp.jpg" "
    3⤵
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-uzg40l.4w5wp.jpg"
      4⤵
      PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-f3l9bc.beutd.jpg" "
    3⤵
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-f3l9bc.beutd.jpg"
      4⤵
      PID:1036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sc48e5.8wwf.jpg" "
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sc48e5.8wwf.jpg"
      4⤵
      PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15hhv2h.dr9t.jpg" "
    3⤵
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15hhv2h.dr9t.jpg"
      4⤵
      PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1g41vv8.2v7cg.jpg" "
    3⤵
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1g41vv8.2v7cg.jpg"
      4⤵
      PID:3264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-oz78zk.5oa1.jpg" "
    3⤵
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-oz78zk.5oa1.jpg"
      4⤵
      PID:4464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-x20t5z.t4hq8.jpg" "
    3⤵
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-x20t5z.t4hq8.jpg"
      4⤵
      PID:2128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1dyzxo3.h7uf.jpg" "
    3⤵
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1dyzxo3.h7uf.jpg"
      4⤵
      PID:5024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-la46cg.2xuh.jpg" "
    3⤵
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-la46cg.2xuh.jpg"
      4⤵
      PID:3796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1vasl5h.aen6.jpg" "
    3⤵
    PID:2492
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1vasl5h.aen6.jpg"
      4⤵
      PID:4016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-zu8nsv.5mzj.jpg" "
    3⤵
    PID:844
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-zu8nsv.5mzj.jpg"
      4⤵
      PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ifrhps.5p85l.jpg" "
    3⤵
    PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ifrhps.5p85l.jpg"
      4⤵
      PID:2332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jqj6sc.y0ip.jpg" "
    3⤵
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jqj6sc.y0ip.jpg"
      4⤵
      PID:3884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-cbkvnm.gtxmi.jpg" "
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-cbkvnm.gtxmi.jpg"
      4⤵
      PID:3008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ans1vq.rt7l.jpg" "
    3⤵
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ans1vq.rt7l.jpg"
      4⤵
      PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1uxozew.2nrl.jpg" "
    3⤵
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1uxozew.2nrl.jpg"
      4⤵
      PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-qct31z.8h32.jpg" "
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-qct31z.8h32.jpg"
      4⤵
      PID:2052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-d6s5j5.klz0k.jpg" "
    3⤵
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-d6s5j5.klz0k.jpg"
      4⤵
      PID:3132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1aippym.qezgh.jpg" "
    3⤵
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1aippym.qezgh.jpg"
      4⤵
      PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-zuhn9v.4ofd.jpg" "
    3⤵
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-zuhn9v.4ofd.jpg"
      4⤵
      PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-13wz237.jc5i.jpg" "
    3⤵
    PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-13wz237.jc5i.jpg"
      4⤵
      PID:1036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-afd36f.ya5hl.jpg" "
    3⤵
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-afd36f.ya5hl.jpg"
      4⤵
      PID:1980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yxo4oc.vem9g.jpg" "
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yxo4oc.vem9g.jpg"
      4⤵
      PID:1436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-pviyof.vx7wn.jpg" "
    3⤵
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-pviyof.vx7wn.jpg"
      4⤵
      PID:1064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1kvxz34.rveni.jpg" "
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1kvxz34.rveni.jpg"
      4⤵
      PID:3656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-b52vqz.6k7wi.jpg" "
    3⤵
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-b52vqz.6k7wi.jpg"
      4⤵
      PID:1784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10tz6wa.d7bx.jpg" "
    3⤵
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10tz6wa.d7bx.jpg"
      4⤵
      PID:3368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1o4ayg9.ew2nl.jpg" "
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1o4ayg9.ew2nl.jpg"
      4⤵
      PID:2092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1835sp2.xc4lh.jpg" "
    3⤵
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1835sp2.xc4lh.jpg"
      4⤵
      PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-s3wc3r.14tm.jpg" "
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-s3wc3r.14tm.jpg"
      4⤵
      PID:2480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lvx9ij.klbce.jpg" "
    3⤵
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lvx9ij.klbce.jpg"
      4⤵
      PID:240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1kz7p3i.x8oy.jpg" "
    3⤵
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1kz7p3i.x8oy.jpg"
      4⤵
      PID:2000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1rk4hqm.bpfm.jpg" "
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1rk4hqm.bpfm.jpg"
      4⤵
      PID:1564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rn3vrs.oq9pc.jpg" "
    3⤵
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rn3vrs.oq9pc.jpg"
      4⤵
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1wsnhlv.yvnj.jpg" "
    3⤵
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1wsnhlv.yvnj.jpg"
      4⤵
      PID:2412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a2xopt.gqye6.jpg" "
    3⤵
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a2xopt.gqye6.jpg"
      4⤵
      PID:3948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1rc1wts.t35jg.jpg" "
    3⤵
    PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1rc1wts.t35jg.jpg"
      4⤵
      PID:3808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yq24pj.ljse.jpg" "
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yq24pj.ljse.jpg"
      4⤵
      PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1rf97q0.7gsu.jpg" "
    3⤵
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1rf97q0.7gsu.jpg"
      4⤵
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-17e4k5p.56zwj.jpg" "
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-17e4k5p.56zwj.jpg"
      4⤵
      PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1cei5da.19tq.jpg" "
    3⤵
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1cei5da.19tq.jpg"
      4⤵
      PID:3344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-vzaxs3.nfku.jpg" "
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-vzaxs3.nfku.jpg"
      4⤵
      PID:2832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1epkx3f.k7qm.jpg" "
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1epkx3f.k7qm.jpg"
      4⤵
      PID:1872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ezz7z3.0js2.jpg" "
    3⤵
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ezz7z3.0js2.jpg"
      4⤵
      PID:440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15qmur3.rxuw.jpg" "
    3⤵
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-15qmur3.rxuw.jpg"
      4⤵
      PID:656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-mqqb4x.ooih.jpg" "
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-mqqb4x.ooih.jpg"
      4⤵
      PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hzxm33.j9af.jpg" "
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hzxm33.j9af.jpg"
      4⤵
      PID:2656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11lqotq.cegj.jpg" "
    3⤵
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11lqotq.cegj.jpg"
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ps3ak4.w5pq.jpg" "
    3⤵
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ps3ak4.w5pq.jpg"
      4⤵
      PID:1600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-pad0tk.jspal.jpg" "
    3⤵
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-pad0tk.jspal.jpg"
      4⤵
      PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-185hskl.mgdl.jpg" "
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-185hskl.mgdl.jpg"
      4⤵
      PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-jwrqx4.ia9o.jpg" "
    3⤵
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-jwrqx4.ia9o.jpg"
      4⤵
      PID:1728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-14k4ihi.mhj.jpg" "
    3⤵
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-14k4ihi.mhj.jpg"
      4⤵
      PID:4900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a2mack.9pqdm.jpg" "
    3⤵
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-a2mack.9pqdm.jpg"
      4⤵
      PID:1896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-jz4wdg.8gx8.jpg" "
    3⤵
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-jz4wdg.8gx8.jpg"
      4⤵
      PID:1176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1h9eu9l.jqnz.jpg" "
    3⤵
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1h9eu9l.jqnz.jpg"
      4⤵
      PID:1568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1i6qs1j.i5uq.jpg" "
    3⤵
    PID:660
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1i6qs1j.i5uq.jpg"
      4⤵
      PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lbf335.tx46g.jpg" "
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lbf335.tx46g.jpg"
      4⤵
      PID:4960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4mjdj3.eckj3.jpg" "
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-4mjdj3.eckj3.jpg"
      4⤵
      PID:1716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-u068b8.28wg.jpg" "
    3⤵
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-u068b8.28wg.jpg"
      4⤵
      PID:4608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gqxeq7.dn29.jpg" "
    3⤵
    PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gqxeq7.dn29.jpg"
      4⤵
      PID:2732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1q0xc7w.ekaw.jpg" "
    3⤵
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1q0xc7w.ekaw.jpg"
      4⤵
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-mg215v.x3fsr.jpg" "
    3⤵
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-mg215v.x3fsr.jpg"
      4⤵
      PID:1352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11g8sus.5swck.jpg" "
    3⤵
    PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11g8sus.5swck.jpg"
      4⤵
      PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jhypfh.7ev4.jpg" "
    3⤵
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1jhypfh.7ev4.jpg"
      4⤵
      PID:4664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1mb9vlm.o2kk.jpg" "
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1mb9vlm.o2kk.jpg"
      4⤵
      PID:408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yub83v.zg29.jpg" "
    3⤵
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1yub83v.zg29.jpg"
      4⤵
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1oaw0rt.d03v.jpg" "
    3⤵
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1oaw0rt.d03v.jpg"
      4⤵
      PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-5zromg.8dlb9.jpg" "
    3⤵
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-5zromg.8dlb9.jpg"
      4⤵
      PID:4768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-295bpm.njibn.jpg" "
    3⤵
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-295bpm.njibn.jpg"
      4⤵
      PID:1340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lnh3u0.4agt.jpg" "
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lnh3u0.4agt.jpg"
      4⤵
      PID:4704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ckb49.zcuskh.jpg" "
    3⤵
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ckb49.zcuskh.jpg"
      4⤵
      PID:2236
- - C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Launcher" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4020 --field-trial-handle=1868,i,1793211234608291039,6647889486615319375,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
    3⤵
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1apde9x.b0u6.jpg" "
    3⤵
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1apde9x.b0u6.jpg"
      4⤵
      PID:2464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lhhsxw.r60yf.jpg" "
    3⤵
    PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lhhsxw.r60yf.jpg"
      4⤵
      PID:3828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19vphmp.t2q0f.jpg" "
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19vphmp.t2q0f.jpg"
      4⤵
      PID:3064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kqcjeu.3lhvp.jpg" "
    3⤵
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-kqcjeu.3lhvp.jpg"
      4⤵
      PID:3996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sx80zx.8tof.jpg" "
    3⤵
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1sx80zx.8tof.jpg"
      4⤵
      PID:4404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-u0rp27.xf0zb.jpg" "
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-u0rp27.xf0zb.jpg"
      4⤵
      PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1co2v6e.blb4.jpg" "
    3⤵
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1co2v6e.blb4.jpg"
      4⤵
      PID:2904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19b5h35.7921.jpg" "
    3⤵
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-19b5h35.7921.jpg"
      4⤵
      PID:1624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1lf5p52.otks.jpg" "
    3⤵
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1lf5p52.otks.jpg"
      4⤵
      PID:4020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-l84bpg.i05k8.jpg" "
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-l84bpg.i05k8.jpg"
      4⤵
      PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ltgtyp.1qib.jpg" "
    3⤵
    PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ltgtyp.1qib.jpg"
      4⤵
      PID:884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-l44iwh.r7oxn.jpg" "
    3⤵
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-l44iwh.r7oxn.jpg"
      4⤵
      PID:564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2kmoff.hngna.jpg" "
    3⤵
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-2kmoff.hngna.jpg"
      4⤵
      PID:2676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1qbqo24.zvfi.jpg" "
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1qbqo24.zvfi.jpg"
      4⤵
      PID:2020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1coak5q.3akt.jpg" "
    3⤵
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1coak5q.3akt.jpg"
      4⤵
      PID:788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1nrzqcy.h3ur.jpg" "
    3⤵
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1nrzqcy.h3ur.jpg"
      4⤵
      PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ebe26z.l9sal.jpg" "
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ebe26z.l9sal.jpg"
      4⤵
      PID:3064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1oqvc6q.ksex.jpg" "
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1oqvc6q.ksex.jpg"
      4⤵
      PID:2724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hepmlf.1gcm4.jpg" "
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hepmlf.1gcm4.jpg"
      4⤵
      PID:3620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-6rxr09.g3qim.jpg" "
    3⤵
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-6rxr09.g3qim.jpg"
      4⤵
      PID:3688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1v7r84h.f4l2.jpg" "
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1v7r84h.f4l2.jpg"
      4⤵
      PID:680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1dgo5v9.7ixj.jpg" "
    3⤵
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1dgo5v9.7ixj.jpg"
      4⤵
      PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-138qniz.64t.jpg" "
    3⤵
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-138qniz.64t.jpg"
      4⤵
      PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-o1utas.1bo4.jpg" "
    3⤵
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-o1utas.1bo4.jpg"
      4⤵
      PID:4760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1n8vq59.jzan.jpg" "
    3⤵
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1n8vq59.jzan.jpg"
      4⤵
      PID:408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-18pu2px.0zss.jpg" "
    3⤵
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-18pu2px.0zss.jpg"
      4⤵
      PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ls68vp.cikp.jpg" "
    3⤵
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-ls68vp.cikp.jpg"
      4⤵
      PID:3044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-klqurw.todh.jpg" "
    3⤵
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-klqurw.todh.jpg"
      4⤵
      PID:4944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-xg5ybd.m64en.jpg" "
    3⤵
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-xg5ybd.m64en.jpg"
      4⤵
      PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-9rkmje.wwgw6.jpg" "
    3⤵
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-9rkmje.wwgw6.jpg"
      4⤵
      PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hfb0dw.z9c1.jpg" "
    3⤵
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hfb0dw.z9c1.jpg"
      4⤵
      PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10oeofo.mg73.jpg" "
    3⤵
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-10oeofo.mg73.jpg"
      4⤵
      PID:4148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lrw6xo.a5xb.jpg" "
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-lrw6xo.a5xb.jpg"
      4⤵
      PID:3576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1dp0zg6.3y5n.jpg" "
    3⤵
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1dp0zg6.3y5n.jpg"
      4⤵
      PID:2604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ymn954.uvkm.jpg" "
    3⤵
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1ymn954.uvkm.jpg"
      4⤵
      PID:928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-iiuu5b.nwt1h.jpg" "
    3⤵
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-iiuu5b.nwt1h.jpg"
      4⤵
      PID:3284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gxk746.321b.jpg" "
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-1gxk746.321b.jpg"
      4⤵
      PID:3688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rotz5s.liabt.jpg" "
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-rotz5s.liabt.jpg"
      4⤵
      PID:680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11tt1nv.pnmp.jpg" "
    3⤵
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-11tt1nv.pnmp.jpg"
      4⤵
      PID:4728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-gu8lnz.dc7ur.jpg" "
    3⤵
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-gu8lnz.dc7ur.jpg"
      4⤵
      PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-122v81o.p2wl.jpg" "
    3⤵
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-122v81o.p2wl.jpg"
      4⤵
      PID:4760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hnpij9.bb52c.jpg" "
    3⤵
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-hnpij9.bb52c.jpg"
      4⤵
      PID:2108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024219-4988-naic00.qfj7p.jpg" "
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024219-4988-naic00.qfj7p.jpg"
      4⤵
      PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\5b29503c96bbfa97\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
1207e8b95139f64b97355e2d8812a6de

SHA1
c0bd299280e485e9f6f1513bf532ca534f358ce2

SHA256
ba76944857c417eb06fb5ee927ae26305ea214a8f4138892db88e5edb90ab689

SHA512
293e65befb4816f363068ad4c57ffd5d7ab166586d9e079bbdf2328b3a12b667f6b89766d3b0cf4670630367867a2b1227c84343f88af23c3890237b3bb19a41

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\5b29503c96bbfa97\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\5b29503c96bbfa97\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1KB

MD5
434c019750a8a91d359aeac657f281c6

SHA1
fc83614d456595a500e622be580e2ab4294d80a9

SHA256
92c8182dc22bcfde77d3263cc9d15ca892a8a0bfb92789de0f8bf4133c72b521

SHA512
73395b1edbfed9adb2ee39a9d956ecb5a5ca96cc73e39df7d62e19fe14d5fb98ba3af3d55c24eefb5dc0115d6dc949e126e12de49f054dbae37f7d81aec7d519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

Filesize
862B

MD5
043dc9da298a5c5f76d125375d641187

SHA1
fdcc3232d804c7e96b2ffc740f485137755c7ab9

SHA256
df33e5037f3bf12fed29a2b74fecc77c797c223e965e0a2faf123556b43c3da0

SHA512
4c780a025501b17411a81318157ef438f3037e52793705e9fbd888d882176bc798161c18ea206d4501f72914b49a2109e89c151a12400aaac7227509a0676fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-10uzme9.5uma.jpg

Filesize
1KB

MD5
95ba65d35e6290cbc6e6f934611cc287

SHA1
42106925c864e536eb8b82c98b61bb4a5eb30c55

SHA256
bed1394d3193e1b6f200165e8a99fe96d982e8dcb30162daa9c20191590c4407

SHA512
3ca6acca7ed6ad77938fe8a4df3a236f3b9d9d38f0dcb608aca49e505e698036e36986cffcbf5d85c5ad8940b71deff85b4ea28c771d4bd3fa6facf03def9e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-136nos5.i5ya.jpg

Filesize
70KB

MD5
d3fe9eebbd71e942f09d9da0f4e58f10

SHA1
aa5d5c868cd69646b8baa63e732294c2d29a4b71

SHA256
6a3a510357715f857a0d0e1d9d9476e8c7ad7008936582b241a786ff9fba64ee

SHA512
e21c37e1dbe15ff1864fa96c431885b4f22cf60441918edfd4884d3efde42a8fe8f9d25cb31a9a78e5fdeeada8615de9a777ac0089d634fbddbfbf20e22e1432

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-13uclf5.z0qw.jpg

Filesize
73KB

MD5
056713782b92ed6c0b2088a93973938e

SHA1
a26dac56700e21486b74f5b5d656e99818aef0b3

SHA256
0a149333cf5bafbbcdea9aa0e4109ac880a4c15e025ce06304c782e8f8ccfa62

SHA512
4605bb7e467ce891422e2418222f5f7410a7d125d0babce081150e24014861cac0af9f69c4cbcb5141a7e48b8fec0bd0ab3f2ce7ec45b28667e9bd43923ef044

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-16d5flp.ngwe.jpg

Filesize
62KB

MD5
355e327e41bd4c62a7a0c534a4d62c81

SHA1
de87cc380229257ed462b1b820bda3223cc3baca

SHA256
e34b00c66af0498a48ae0d1290afed20c37b9ecb53e9fd82340e74e8dd7b677b

SHA512
aaa1ff970e3e8cbd92a24e8767241d563595808884bef285d20592c04e8e876a949fb07e0a43d93f21541b9e6c00be35a49875ae2228951e86a6998d02b13a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-4fl947.grqlp.jpg

Filesize
48KB

MD5
5d8993973683cc68f82ee94f4ac2c91a

SHA1
673c0cf0b24ced24a2da2f45097fccbca6590611

SHA256
a16b9ff6487202c6a8dc4582aa65b450603658c662a7a52f5a1b66b3b5045a1e

SHA512
95ca4cb92c1a8ba4f65f95a155eb1491c191acc5047c013e1b76c240a561277463454f4d98bd2301d0943cee8dce4658e733e8fedb11cfcfd79b2b65b8ffd4da

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-7v2rdt.uo6it.jpg

Filesize
56KB

MD5
df31f3c53883c3e914bb959a1eaf250d

SHA1
aa5178c0f51228da4a4a5d7ce327a1fb2c2e5444

SHA256
55f2c822e8d0b5c0ec56b91f5d86c8a4451de1ff9b0da9448a5a5704ebf1f0b4

SHA512
a02874b31f465c1ab3809e286f388fd007f64616969514a2a9b698e5c8a69cd5acdd4ffd069b9b01cd0a3902e01ac43499e63b5fa5e7fc8840d6bbd6f863eb8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-agampv.hkf0f.jpg

Filesize
65KB

MD5
e0dfc97ee196eae154d5e054f38508df

SHA1
f4755015d918d494fa1394c6bc559ddae0f3787a

SHA256
c607a604980c6adab8f624b56026d76a6d8f2f6741dd8710f89e88ec94cc85ad

SHA512
d0c513b9e58cdeba0c78b6b8401296f736b34662b446a7482c72869aef0ec22dcd9cbd1eb3c82effa8ffa447b8c6e52bace6fcde0a1c9759c77a405f6537b38e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-bv22fy.v7vy.jpg

Filesize
28KB

MD5
4682aa8414635b90a8dc54c407bba49b

SHA1
20c45e8ffc044381ca88f4989241d4c3fc2b0b8b

SHA256
4a18363cb03a1c529a310bb003b6890e5c10ced0ea5ceab393a0d8a2ae547d5d

SHA512
4eff149dc6544b60943a809ee389b79b4ebdf904a5bbbc427a779d7a21a083f545d263eb123c7d6aa9c7241ea1426173cb6f7d4f5eb1457cbe5e98d39664bb75

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024219-4988-fkk090.sdct.jpg

Filesize
16KB

MD5
aeb532427cd96db6214be9d1ce9c795f

SHA1
fea9dcf37962ede39e05c8d48b340de2a7c6237b

SHA256
8002a7a64a5b57bf311ec8e4573c559faf73b2c2fa954aafb4c108035eec574a

SHA512
a483f1a61a8f4a6c361f413b4def6bf119cfdd43000d980c16e377c3bc517f29d0de57d822e96732e4b4ec84cf0a60942c8dacd0d7304c488bf6d6079f7d8119

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\D3DCompiler_47.dll

Filesize
45KB

MD5
1a645ed8a2ef8a9542b8ae7d582c74d5

SHA1
dffe5a8cf7ef1f8e6d7157351da5acae8ae3d60f

SHA256
26269572d614a6c2c5238ab80ae434bc9dc39939949464a7d04bcf9cdc5dd5d4

SHA512
59e298a1030780dfdf09eff12eab1f43460318989dcb11db42c76afc15fe8f629133d2aea0eab7f074e5413a0f4bb1c2a2e6d5d58f8aa2ecc5d2095926da4125

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
145KB

MD5
a69ec9c1e0ed01ef79d0b1cfde6eaea9

SHA1
b98dd4cb22ba11a5bdc86838e0cf669958dd3dd0

SHA256
1a5c741ebe18280a3f1dc25152ab209f54b6bfda0e3d3e3ba7b87d394a9029b3

SHA512
c4648557c2675318f4fa15ff7b12ca210eee77d0c4d9a1010822a78ba078cb44bad5aea7af083ee44a228fd3003e4490f1c8a9b3830d1ace651ca1833c803979

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
14KB

MD5
3c13199f20f493c002cb6381f99adb38

SHA1
00f97b50f6bce71c4e08aaabc1020b75498e7286

SHA256
bc111578d52399abe3a103fc9ef25f5baca895e34a25583a2c9c9429c2aab05c

SHA512
170f403901ed7bdbad0347c25bd44c96a7bcc162b4996f06336d16c3c8e71fc3ffbcb85ef43d01b2814835804735786fe0776978f9655a5e55efe53f0b97b97f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
9KB

MD5
ab3afdb8b13779523b04bdf091541ace

SHA1
26652a4ad68b667ea96e0fb29845594a9d143d80

SHA256
53bf75a3fc08f976d7971c410dc320fa587208abb26abf4b0e52d2b8998c3971

SHA512
4a93a262ba4f5ee4b9dded5e0aacaeca99cdccefe4b311295c4ac6b2fef7ea93ebdeecf0f6d42f027ef9791dca4bf2f461dd3c04a0c2c0553b0c33de89d66200

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\Launcher.exe

Filesize
1KB

MD5
918157721b85ac1432c945b10ece84bb

SHA1
ac0eab45d0641b00b0ec918873701ac067fc8f8e

SHA256
5336b6cf5eb3b78fbac514e1f70323fc3d7fb2600aeffc1e4ef9660c7deed259

SHA512
bd5522a3e9f424074214a18987cebdde7975fb70d0f8c2baf5f7c9d4ed1366fdaefb5df2158be6052677c1652e4b744464ad180fa8f2d1b0fcf985e5d26be0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\chrome_100_percent.pak

Filesize
16KB

MD5
b2119c8225a66254c06c9d5077138c64

SHA1
a982de3eedd8589f5f70e03d48b6663876474169

SHA256
8b7427da47018a1688c0740f691ac8afc17301fd44aa085ace44e4ca11c0e4f5

SHA512
fff67f6063702f199f2128d05476b65ba26672706418e37485ea42f5af8f5d2cbf623d2d157feed5e99436e3e83fa8c46d743ea63c44a8f6babc60e73e8c206d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\chrome_200_percent.pak

Filesize
39KB

MD5
ece2ebe491779878755279bd4464b727

SHA1
bccc8fe3b63e15a2e431a54d3c7d32d135a41af1

SHA256
7d1523f43cb630ef62bad2c4a1fab0c4caea8d6b0d718920320787b3262345ae

SHA512
16fbbef00aa1ff52994804eafeb60d59b686f5f0fa1006562cf8299b1c267961096655237c0cb0d01dd37e9e881586c3a38a16830454bb316b825399d4555528

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
142KB

MD5
7abaf00cc4375a4a1aefcb43d448ca1a

SHA1
087ab9eb0eea66aea43a423c4466ebd27aff3e61

SHA256
0683e81bbdbebe2389a45c8a97ccdd3a44224d520d4108975f43ce24dc9be350

SHA512
8dbfdb231c0522cb0c5dc2bc593565a282a1b06911735a914338c586904428fda615feb21e4854645261a6790ee3c3e07f283b948721e9b09e6cac87706001c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
108KB

MD5
08c934488190e6afb1f880b177116a58

SHA1
f551b0f6ed4e14d942933b9bc32ede9ba43bf5fb

SHA256
dff2d6691b32a4596b53758118ea7df54df7a78b52b5dfb52f553d56665a374a

SHA512
3b11f0808acc862b9d11f488fb081fa00c5708457cee71cba0a483061597e3b9fa838e6f356dfc26635792c68013cad3ef23f2ae3be9ba124fc4931fec527e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
16KB

MD5
51cb2c32cee317ea88716da12cd14743

SHA1
f8d127036e969142546a3585855fd4644cf34ed9

SHA256
1c488b20a1fd1bd88d8a3b5388e04b16823818f00aec297e18abd23bcc96d1f7

SHA512
343abaad5a134579b99058382aa4c9cf4284beb58c0b469524eca26be8af01da11f887a7a269e7d4cf707bd7be55a131b69e29b9810a47fa36759caaa7bbc48f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
55KB

MD5
b85e81c13b0ae5ce1586f694fb1553af

SHA1
c5bdb8cf1c398658ede09c2e4cbf4576a9cbcfed

SHA256
9151bcfb213310b0e7e84292e97fd98d7ccd697f264cc0749b7bd67a3c8b6723

SHA512
cb19496bb71672922b9ac6225f5ea476f780cb125de2f83c2068399fbbc426405cfdaa4e272160d571eb606a61e83fc3e2dadc521fc80533ad0d7406093caab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\ffmpeg.dll

Filesize
17KB

MD5
6b365d3ff2c4dabb53ff39ce44b6144c

SHA1
f8faf15e2a980b894e9b236093cc25e1babe79b9

SHA256
deb4dc58f152ce96688d66b6ce59e07f321f2913df51bf01e14414057ec3974b

SHA512
ca3616f9204128dc39fa914014c7ab7ea75a96e1d64ddf7a3263030d3b80039d08ef4ade90255f01a7d6f533f0012608282c555977456335eb4af05d0b8ac0c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\icudtl.dat

Filesize
74KB

MD5
5429a8cff433f71c1c47e1a39c3edf11

SHA1
18ea9a632fd463033a1fa0483f58ab2a67c13395

SHA256
c509359901359401fb16092f6bccf203c5dd074a5a765b952082c4c1c1157523

SHA512
3c37f3c6d4e25ad5b62e5febab33fe9b39ca34b6c29aec978c2aecfe9694fa9407f148032990340a84e9a24fc2a26d1b2fdf727e4b95aaac2dd7c70d1dca2777

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\libEGL.dll

Filesize
43KB

MD5
2e3c33d0c8003adea36c0f9dcab75a90

SHA1
a54f21595708f756c611e0dd104cb02b4777d020

SHA256
730870afea7cdaba4bcc302b733a088dd38e46cfeec974b6e5a49b659b3ce676

SHA512
145bce861f034130f6897bd68bab0916fe18d8d25c7a1e2173edd00ded84f961520519342c67e81e21b266de0ba8dc5d6e14ffb770dc0860eaed8c0b875f0d2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\libGLESv2.dll

Filesize
1KB

MD5
173a31019f82ac869424804f0bc7004b

SHA1
b5246959f73aeb91d10859dfb6d66693f9389c6d

SHA256
60101b31d0172c825778c65cf20915ce1f0d511852a477381d9e2ca163ab7358

SHA512
7d391c201e0f13e1a576fd5b833651321b88a8a57e17798a0e3441f0a75bc05aa0bd114def9d7069aab49ec5c378f8ccee2ebd570028a740df35137c21433fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\locales\en-US.pak

Filesize
1KB

MD5
5efb7220088d62fca422a330688b8039

SHA1
e623881d39a8fd295b405c34889c78231f06172e

SHA256
5d2761dd22397459e348f7a829ac3587ad99df1f9bfdcbff34ffbe063697aa8b

SHA512
223d06746c079ddde5fd03c26c48fec7442f32677b438e42870d627061b9c868a899b041aa01a50b5eb4c0fa54107cf61144065436e28cd61407cd8a20c197df

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\resources.pak

Filesize
32KB

MD5
14ad6e64603b9532ed441520a9ad2a1b

SHA1
e77b216e866478cc7e935b69e044b93d631c179e

SHA256
b1de33f346c2e89eac917f3e1bc6a0064606b90ebb89c6ac8e2be810ad2bcd35

SHA512
237d8ce03a5e8650c8865a3a92ad2a1b6c18a9daa7e079326f133a2db7472447783d9d6df37c72c87a467f3caa4345ea142fe820d1eb2dc969ecaf7c04f09c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\resources\app.asar

Filesize
111KB

MD5
30097662b30b2b0183d4dae75923e9cf

SHA1
c5c4e327ceacf7cc398446bb99aa80c73b0b219a

SHA256
70c9b725822445113a0bd4d7d6a851093d050b55c5194d2c032bdeda04682bce

SHA512
d0b1a4c7e5f531a8d17094de8dd224b0313f38e1e6f0caf9e07d51685d86de09ac2d248c510d588f49be9ec954a09d342eb54a95481f1eb1e8afd362caea364f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\v8_context_snapshot.bin

Filesize
82KB

MD5
94dc143c1d2f21754476f44d2a79ed0f

SHA1
c6b69b80bd3c1458880cf063a9aa2d4e4338795e

SHA256
0152b1dd72fd21bbd3259a704fca6d10e4ba64aaa495d08843011ab1ea23333d

SHA512
239469b9d25cd8206c093e28dae02199ea0a3251e7cfbc5818093f864dfeca54201032ec646bcd4c95e44e1fa9a40ebf65d5fcc9a2f3cdbddcc78ab882ffa649

Download Submit
C:\Users\Admin\AppData\Local\Temp\2dBrV7OCpQwIQ1ScjzEYLATQm8A\vk_swiftshader.dll

Filesize
33KB

MD5
09466cdb9d9020a9ca35c3f938732914

SHA1
02fa394f4f9d547d533e47ff9df68412a932ef92

SHA256
baae5ba385c4004518db7cad2128318523ea3b2ae96bca036b1e0494e6214db4

SHA512
780876212cfc186185c92c014c70581e4f39ed50b92344b3636c0d308353ed7bb0d028039d7f496f51670a40bacc16a663ac38b8458b43c450ac6836d891daf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\6152c6c1-8d70-4c6d-896f-de697f2ba9f6.tmp.node

Filesize
32KB

MD5
21d12eeda094802efe397383683d1f2a

SHA1
566598553a686eb8ecf9408970156198dfc87f07

SHA256
fc4561ed9976946114fd247879324f28776a66e7a78a7ece78c859d0b4dbdfb5

SHA512
33c194a91be0d1151502ed54ce8b7d5cb1efd05600e28dfdb8d525f3cfc597cf86007f253e598153a79336b595161cf164e31765f7339a6805d11cd4cd930204

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7FCF.tmp

Filesize
1KB

MD5
cfeaa244624c4673181be15d11ad3cd8

SHA1
e7bb224beba7e2e4977eb261a9a8849ebc30af14

SHA256
12fd26382fc9403db7a84977e558f1c421ad6a4e94bee0e3e8f7fa19a2808a1a

SHA512
2aed93bee063be5d8ba27a48bd426b423cb71e83d5beaf2d82cd9660296a2df72ca9447ee76d22c49c4cda4f759f923bc7428383f16e5f0d42c1cb32fabd1c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\b0e20899-82d4-4ec0-bf50-735243acf1bf.tmp.node

Filesize
1KB

MD5
f476294452dba200179c01c578c035d3

SHA1
746a0c979c8008b242b8dbc370c524f34d29d06f

SHA256
740fd056867d34e43e7b1aa044b3f417109906d167b8add031a5325d64960a18

SHA512
531330b3a9a6d608d33f8d3beb38b37d22fe8893596e4e5ba8941441c78c3d066eed21553733c69decf085e09bd62af0025d2e95a84672cc1f9aa4936cbe1462

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Antivirus.txt

Filesize
231B

MD5
dec2be4f1ec3592cea668aa279e7cc9b

SHA1
327cf8ab0c895e10674e00ea7f437784bb11d718

SHA256
753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc

SHA512
81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

Filesize
249B

MD5
cf7e4a12f932a3fddddacc8b10e1f1b0

SHA1
db6f9bc2be5e0905086b7b7b07109ef8d67b24ee

SHA256
1b6d3f6ad849e115bf20175985bed9bcfc6ec206e288b97ac14c3a23b5d28a4b

SHA512
fab79f26c1841310cc61e2f8336ca05281a9252a34a3c240e500c8775840374edb0a42094c64aa38a29ca79e1cafa114d6f1bbe3009060d32f8c1df9f088c12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\LICENSES.chromium.html

Filesize
334KB

MD5
69a431a502c668fc0194180fb0aa581a

SHA1
74f90bee072e7ce0b67d3ef559717f6b65cbe1bc

SHA256
fd63907fd94bc3a551c43929ffba6e052c28aa43148d596fb725770509d23f9e

SHA512
6354b23400632682865702cc56e83988fbc4be2ae3e9dc516d94777ca906d2b165a2db72b713169027ae1ee4f4c48c2b1a058f74d712a877922a15ca738f06fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\Launcher.exe

Filesize
118KB

MD5
e3feb7fc32c19ced8b4ca399dc469cc1

SHA1
d8e49319c2783f2d160547bf65f22f63dd545390

SHA256
46aa4a49dcd12db8eaa291936fd3ec5745bb2d60e13ef51834134a196e05d378

SHA512
a4346c2c74ecf4823c806fa7312a1e87fa38bf86e0f8dff62d98900e58e29abc78a3041d22b0887e67c6269133c41e1855a272f24d38598586db0c7498bbd779

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\d3dcompiler_47.dll

Filesize
911KB

MD5
5981130abe64b16ed4a5a3268fd537d7

SHA1
527dbc06b4a0d86bb1ce4805bbd9f50e4b879d19

SHA256
7b5bbe7d73293058cb67cda8298f1131fa959be24d55a36c3f44c8f4b0ba4150

SHA512
b538b65af50fa8d5dc3e8493cad096368b8dc3997224b087d4922f56246e1572436bdd3d5e6d58dd5f1e69dc953bffbf2165065b0cf1c87ba576ec4a650eac8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\ffmpeg.dll

Filesize
102KB

MD5
900dd9569edbff0905b4d3a02f3882f4

SHA1
63aa3be04a83fe400fe4c29f349e14a012883ec3

SHA256
280624601c6230c0d5a4ee0993db6cd6e25fbf6388a88db3d2c7cb150521c956

SHA512
ba20ca645352661063987639e998b30a06eb344e945d9d7927ab429963ea26d30af4e48934c2e66c4e4a5cd821743787be5d6b89d5ef47e6fb9341fcc39b2b96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\icudtl.dat

Filesize
222KB

MD5
379f28a7dcac829ef5c2f52541af49f6

SHA1
6d50f56dee6f1faf48755f625da99566e55fde25

SHA256
2ca1caf428bbaf26a9cb319653ec1e8c6d1b99f28c6d2bf8dde1d22c907eab6d

SHA512
4521036fe69b4375b7441159c5ca208d32048c2bf9e27b8f4e3a5d2705cba1f47bdc3995804e624a00a380b414ab7cbcb61971fc68a8a879afcfd5f34fd6b37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\libEGL.dll

Filesize
128KB

MD5
9f98d23fb9c0f5bbd00693db1d7caa86

SHA1
c3e3032b5a699e0726770150d42ac53e45b6d18c

SHA256
a51166e708631c022d13a3d9039448a76d82269ccd4ce9e586036d0cd3b37fcf

SHA512
abc2f24fa3078b09f217e7f14a97452fa12b81cacc6e4cf3952da8bfb369898da1aefda6ac93998e028d70d63341974bd097fd49ceb21a7921e4572eeceae9b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\libGLESv2.dll

Filesize
14KB

MD5
81b12d05926b28c07cec1a46dab6a936

SHA1
7612a6d9231ff4906c3afccc30ea436d560ee2b0

SHA256
870d9a11c9f87dccf0f0cb7bcc84c8a315554ec84b83a47dbb7d5bc18e6ff005

SHA512
3d42b224dcdbf2f831c1a43c98eaf953ff1609938b7dd1235f193eeda3564368867701fee52bf2c2e39d409bee459369493ea6d1f48300d396638c73dbca9548

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\af.pak

Filesize
215KB

MD5
b394b6f6663060d20ece122b5d35dfc6

SHA1
7a9ae1c4362087d04c0cbd34d1de4c716ec070d5

SHA256
95e56c52896898bbf164e27445b57ee7b7e878363eb25baa55d3209c03a327ca

SHA512
b62293239cc56e16286afb34ca3bb9d69c3466ba82324ceec8dcf6e4dec69a0f458020161c0c7c986a7c4e4f140073513f813eb3be1162020071a48361e9c037

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\am.pak

Filesize
335KB

MD5
a49c839dbfa877639fa731a5d2d5a7a3

SHA1
30eed5eaa3529df4e3f282a41e779dbb1cef2038

SHA256
c6b3da1b3f7d6eaa6fd1d8fd6b98db05c2dc390da2b32cf3fd4bb5c25ba6376b

SHA512
96e04a324d3fa79fc460b03afca62d18cd4bc50b5c0ecce82b58ed8e630f22a54cac1dea937746bf87fbfe839eb5337759f837d8f1599124471dbaa70ebfa3d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ar.pak

Filesize
210KB

MD5
ee21c11c4052a324eb1b05fade3d666f

SHA1
f48f990fbd3c44c12f20dc60c824bc3b83558b0f

SHA256
47712e7ce370366750d09634f03b78be06670478163572b7e5887ce68e82ee30

SHA512
38e2891821bfcf33a662749227f67a23531b84d90c5448268f2f90d2daf6fd53da9142564bd4616d432cf4da4b8244476c66c35bb99cef0e006ae0a3ba6bfaac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\bg.pak

Filesize
306KB

MD5
5b50199f8361e9dc5232f8f607f9f2ef

SHA1
fa694f3cb587b0692b4099802171def4a50b6633

SHA256
106cc7d5e8aa35fa40c0e0e3e5219e5984c6232472573f271a200c14adcb0dac

SHA512
1dae518a6eff33d2d20695bfd738d9726be06a647770853c6b560caadf8d608058a3f2021dfee77bf5e0fdbfc607a371c0ead224ba4fefb9d9a488f228fe278b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\bn.pak

Filesize
332KB

MD5
5fb567ac1d9eeb2c02db25b1413887d1

SHA1
3dee9ea24710626f700766a84dcf0e3f57636376

SHA256
5d77365c63ee2f112bda93dae5d38ea22336ed4937cef8f83cda2e5a2899b8a7

SHA512
a3f654e13ad6b265786138eb7dfbfbdeecd89de1adf668715bb4ef6609556538e54365165551975a86a932e3f0aa4621c4e028c1acd1a3030cdee9f02ae0444a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ca.pak

Filesize
170KB

MD5
9ed81eb7e2755f5b6a457985700d7e5f

SHA1
97d48e35119f761853860e81c470418d02c1cf50

SHA256
9ce47746f62bf3d3d24ba07894d3f73f2f06aae4acb94cf18b48edc69b1b428b

SHA512
4f3f9285c90aa8bf582577e1d2aab13f400f0ccaae25313cec108006a2e601749439035a00994c47015d2ad07c7de96186fba70ada981bf3f645ea89a3c368a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\cs.pak

Filesize
221KB

MD5
e9e208d702956cef8ce2ccde8f2e7a8f

SHA1
a27dd650e4f49325ad7dcd3b2ca806079b4aea3d

SHA256
be8a23a12614c3f4a07d5d91d4f03b80b992f56667972b39a5342cfc80671e55

SHA512
56c38928d4a155056c547a24309b5564d9e296b1081b04ea4339bfe068847c6b18d1fa557b0aadd00634ebda9529868210d9612fd77c774b40c4276709383594

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\da.pak

Filesize
132KB

MD5
c63a9d7cd17d02b3cf03178a28861654

SHA1
2e31b77b41ad40c44d13b868f801a9b82f9e6233

SHA256
674ccb09de0d5ec4f7c4ba60977c6086650ae80000162f89fdc219ab03c09574

SHA512
00e6ad0345777e1af7a3d3047b0028e1898b66054c43b225884c53856812b9cab1c990652626c8ee70d4b30f9a96a53855ca52551d5ee14eafa7014d72dcd19f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\de.pak

Filesize
95KB

MD5
9af84ab9ff22d02cf97827352feada37

SHA1
1e2a96ee98dc8f3404d072c9ca8544b7f4feabd1

SHA256
27c1e0928364ca553455f4493c5c4c8a13bdc4f035a3b3a157ab0553899007d2

SHA512
31288b93f05ff43ee4c0e02aac8ca66e9577b5c478bd8f884ba15b123b9f2c64cc90eeaf27fc33369f9edfbce7fc8de01d757ee4a9fc2232538eec16a5ffb0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\el.pak

Filesize
162KB

MD5
7fb32933caba0dd1c1a43720f6222505

SHA1
294e5af1cb2ad973b0d3aec5271ad8bc4d2e6b12

SHA256
be061387f3742be375eb3147ddd2e30c87740a68c2280e468ef95599a13c5f57

SHA512
d48ff4730cd59ec6f01adf290fcff3b39c3043440a4690c08ca1e8bbfe5c6d48c5417ec6b00d71ab63ddc2893dd41b38f4c58e5f3cab7a6de467de1976fb2554

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\en-GB.pak

Filesize
176KB

MD5
848a293088a1870aac051c5aa5d79280

SHA1
cc4293b245d26d436064984acd98291c5c70f6c9

SHA256
ff38766865cb9bd362f7d68ec9bd3d6594dc644e1b4e3e3178ad14905515c0f8

SHA512
ac40956c208862443d694c5a64b92cbd81d7e06a0065d474440770f12dfe8285e421bc54768b6e68c8c4dc3f97f27fe180d77ebaf28e0cea3cb613b2e5f5239f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\en-US.pak

Filesize
113KB

MD5
b76b028d778ee23f140034906d46b59e

SHA1
269b1a6c320fb7de3a389732a17afb5918414178

SHA256
2f5c3a48e296c026545607b47a9c35e54ead9f6f821b087224e881c06cfbb322

SHA512
ff0ecdde19586748067a9442fe225a0065b11a5cdd81fc702f015ba6984e375dc3618e7a817673bc23cc38d56cf00e3402f11f3b9f291945d20f8afffa64cb0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\es-419.pak

Filesize
171KB

MD5
09610b596815b1c504db68bafc4efcce

SHA1
c8c459ecdf2b7a53236cb615d0dd7f6df017fbd9

SHA256
60fa7d616803b77fea7f7c32cd54ef8bd8f339c5c7578e7670cea9bd69a144d1

SHA512
ba7e014ba9b9b591b62404218104e568f3e1bf9a162e2a2adb48dbed8978fce192b359f8602c368de863b6d46661bd425e6afdbd5acc5ed26d614a1ec3903869

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\es.pak

Filesize
211KB

MD5
e37f82aac2fbcc9a6d272acb73ce295e

SHA1
6de932b178c6cec70e48ea20190e06c1d00529f5

SHA256
c45ec3bdfeee799408b0cc7f60cda162b4bedbdbdda57cd3281a372d13d6c441

SHA512
f429b97edca40721237a0f8835df209d02797910cac7d0bf821b33f4e7bbad7233f1f8c8009a8bb7ccbd0ca497802a2ea7f66651652840bdd37b777a0c3b64bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\et.pak

Filesize
63KB

MD5
75b3cdd9fb4ce4ce0d6ca29617a34a32

SHA1
6405cc64966627d096e82d1d3064b59e54874a11

SHA256
16a753a6ed50ac482e7871c9fec87a4cd18bbbcd075f5a2568a2ddec11704c38

SHA512
f5172af30e3a046f70402d01dbaefffeed6c39e1b3d01a9cde6203984a1d443a724c5ad298112ef0c655be58a4587743e49a6cab8d550d278c2dfef6095638c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\fa.pak

Filesize
241KB

MD5
f165f2ccb8e36db1cddae2390e2ab557

SHA1
a7fb2e9b9f33e0020f4cc661d97f18d93811436c

SHA256
56a4ade64e19f07b7495f89ede176d395cae6f55cacbc7fe4ae3c8f3c769eb60

SHA512
75f5057b6fe7d51b70f14e2e00c93fb42acd54041192184f2c7bf2df6f430793cc12cf808bb41d9fa2002328e63e3a7807b4f82fc65e108497d1293eb81f924f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\fi.pak

Filesize
202KB

MD5
dff88dcc02dd7e044ffb6c9dbed64e31

SHA1
b371bf59d543fd78f28af6c5ff858faef91753d8

SHA256
317a08ee640ec86a19e3f77d3d6d3bb7e9f05b9e4607ca827ce8a538a2883098

SHA512
8f28fd81fbd968971dae6f880b18e0e9637c00f065fa330d71858415df367fb21e67926b45584070984019e6e4bcff62496049118b720228ece023fc99b4ace8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\fil.pak

Filesize
148KB

MD5
bda1fc74b52e7a851877df3dd0c4e27c

SHA1
7ce46385ea04d6941c2c738b8fd2aa9efd700c10

SHA256
8dc4fd034113d0021982ed35138170201c874dbbffc8a0ceaf3c50d73aa94179

SHA512
fbb94fad8f89ebec73cd462b1db9cea9c980b474deff3791a5e5b478056f7b68252170984aa36bb2b7d28390fe216c1c8b7b7d6ef5075b4845268c83bb9e0a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\fr.pak

Filesize
215KB

MD5
0d72e4f720e81e6a25ea477949d230a9

SHA1
c28c0019e603bd7540bde8cdedb449b3d5052dec

SHA256
1e9852ff8d72a5575e3cd4a8815d343b53380ad59fc44f1a8e827304a3af6b62

SHA512
d71080b5a9a65ef4583309ac30eb9f1e3bdf7c0541ee0a8ace3e4c94f87cb1cd57553e697704da3b1b790a127f4e9245b652e25756a5318c1234e9b8134f0c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\gu.pak

Filesize
179KB

MD5
039f8d8867096b462d0b66d211e70197

SHA1
b1360e25e72853af4aef222e486351894d2688f7

SHA256
5ec4bd8bdbc4bbf3c50f91a94408b98541c0848625ff61d3920b926a60fafdbb

SHA512
1cc8106beee694f3f0b66fc5ccaecd43bd8daebd9f308eea0d49c932722a45d896a24b824b8c687233d0acfd747dcad5694d498da913119a2f91b5ac77c7997a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\he.pak

Filesize
141KB

MD5
3d4cfb2a323399cff9b7af541e61d956

SHA1
8ff90739e9e2b558134ee3d62bf3d9fc303e6b85

SHA256
caec4ffdcb89e6bda5be89d8c8ad0c974d89a8714abbf9d2a569da172ef3adcc

SHA512
f080b8c43336bf10de0da3424296f31fe00ba00b6bc7915478ca8d5385d433eb3edcb961acd1728d92072d65f2980634f34b754a87687cba63a2840e3cd09d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\hi.pak

Filesize
181KB

MD5
82cceb3677f00d8647bd6bfa51865c2a

SHA1
0595dbfd8171cd56efe5168f50b2d463336d4023

SHA256
409edd2b3c05dfb83268ff0d8f5556c542044e6c77dae964dcd27b9fd7a5516a

SHA512
c8afc631b1873a25812a14e9c0fb2db50258c2d1401ed46dab2789260603fff9443407df42c532be5e1276a2299c0940e14c76720df31bf61a78a8b75ca39bc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\hr.pak

Filesize
147KB

MD5
8310b3efc1729f1154fd7079031ea93e

SHA1
f0e9de9fc5292ff86c5ddb495d5652d8f0690673

SHA256
6b5ec45b4a9505ad0d61b13667deacf89da7d67f8cd9cedf139d1e35b514fa4a

SHA512
b10600123709317aea785d50c8fdbb0d4ede0483ede11d3dee50dd5ef2578dac1221f5aac462bc81e92d9eaa8f8927d1b45037f6c20b9b78ff44616cf9a67387

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\hu.pak

Filesize
270KB

MD5
23884b9ceba380f68b7a5cfd62f599a4

SHA1
c5ec55dabba6441adaf12367d6f6b914efa03106

SHA256
8c84a5546ca65e06747835b810379c8dce8fcc0ce6d3c47e8f40daae9729e9ab

SHA512
93bca4c2e4ba411d26956f6df65c4181951a3a645285c72e5640f9c80813080b63a884f7981b641e5570a8e0a1e6b33c8d43d4b1354fd2ee15f88e62da753daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\id.pak

Filesize
279KB

MD5
b7dd87fb787ebd946dd4000a4ae8fa74

SHA1
5c42a683c13f64d3400ad055cde6c7936bc534e0

SHA256
f2b8475c0345bcd92804df6f3a2e92407bc478b3b40b1aa093d95e70ff5a0f7d

SHA512
5028c964f5f5242f69aad64d55f12aa6ba3e203b818e63794cac326f38d4f7b0589ca4624d1b5bca09086bc817cca87aeb7fffd56698bcdad2700ae2999b7b57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\it.pak

Filesize
108KB

MD5
935aa745bd4ff6201a911a8d7474abd7

SHA1
9892b536162c342ed83dbd86c2a8ddf1f5a2fad0

SHA256
08adfa0c7685fe4ba85960d03af42d1d461432762378df00d8be09bd7fddda4a

SHA512
3b783bc5170635c348a91a3518ed021f89e7ede568576e3566c4c06af86d0f32d6cfb50190f7101a0b3c8123a15176f4ed1c6d608305b95df842f2bd0041705d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ja.pak

Filesize
117KB

MD5
21bf23b1372a8f101a3e7e379caa8226

SHA1
841d26bddf7c9fa7dac1db0bb3dc7d8a07bac0bf

SHA256
ddf6ab5467e7ffe3a7c5fcc158f95164456a80c9bc328cbab022a832d24bc19c

SHA512
0cfb078d3a5cd6bb9a504f47eccf3e74bfa86e1fe6b41dd622d2a26b18e2a3ddb0c9b36c8839b336a447412fff51175659099c5ce70a01212d61218fd0b6dc6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\kn.pak

Filesize
85KB

MD5
94995d74b4a272d0589047727838ad30

SHA1
b9faaa977c362d3538c237fa3f508daa0dc1e68e

SHA256
29c251284b1e3ab1f678f0e20c81f42f345087ca0b7259e2bf02bf1be7ae34ab

SHA512
3fa3a0ff2a478b54abc6c5c1a87c5a6eec5c07e5b2b2ad116a726a6fbf58753394dfcc7c25bb48d3a1d2522a334de06d38f0610703d82ae097eb050f08b12864

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ko.pak

Filesize
134KB

MD5
9ff52c7f595a46a349e74b915fec124b

SHA1
0d3de0cefb522f0e822a2177db38a7334e7a05b3

SHA256
4a41fe94bfd0809e1dc96da253672f610637ec651e7c78e8a7916ae04ab6a374

SHA512
355ccd0d9bc3c3f3c0f08806fc7870734246ed742eb3f2f7589f0d6d86bb1bda0d714a1d1e2977f6bea3323aa4e34328bcfc7d38784d8a6c7793fd0da87f2844

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\lt.pak

Filesize
177KB

MD5
edf8d62781abf552a4317fbd0ff8ec46

SHA1
248787471ac7bfa36df4ab1e8407d4e7dbe108ec

SHA256
178edf5ed73e8826c8e1af72e3f79555010c0a2e7cea1156c550824a56036e9c

SHA512
1e23af2f5ded75420a27958a4f2b620edf74966a3fad43f8cd881a30887d0069612b86137dbc3c81089d0fd0796a676e168d632bbef73ae868d89be679d355bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\lv.pak

Filesize
107KB

MD5
93b18e8293ff849399e1dace8d49ece3

SHA1
7726414d9815756e796d0a38f4c34725b8cc3365

SHA256
65e84d15c7121bab71a7003ec3f636134876a8f7ffb698281462a91a7991a7bc

SHA512
7f8bc4a3d76e6f87a0ecc8d9c6635ff252c7e444addbcb180f42d32762d492d9431a9ac7010c190052000597d89b10ab4408e37ed2b10376291a49157df15351

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ml.pak

Filesize
132KB

MD5
cfd1d14c9c5d2022b82445ac7f1a9ac4

SHA1
a3d1ec4c79e7b5dffbe33a8424731387ec0259e1

SHA256
de1a73c10c881defe810f04ced52319108259dd2b72ccb6dd2069cf6fcc067ed

SHA512
788af0d5a990da13c03ae3693c7c31b1d0181f9d5f3da507a3105534d33e136e6fad088fa03131d996a977c4405110524af90fd63ce4e2df4467ab79651b3845

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\mr.pak

Filesize
197KB

MD5
904c0a58f3f0d205e5e24fef6c12b401

SHA1
4ea78580b11af7a5ea91743e03c81c7a07cda6a1

SHA256
e46a4301de23c894118ef08883fd3ba20f4ad2e7d390bcf38a4b7650683a79da

SHA512
d65fadb1143ea61066556f626d9a3b9e38c0626f2574a4c0ca2e5367679de97d3e349976f250d29e0be717a30774cbf52294f513c34a092e16ef05d3394ddc0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ms.pak

Filesize
179KB

MD5
61c147cd5b60405c318429e6fe21838b

SHA1
e2be7d105e7a12146bff3da69ce5b4039af57485

SHA256
56c7e0c98d862fde375c62c806f000778b0a74bebbc6b9cc500778c4b7ce3db3

SHA512
095765104b7a1867a0da61d1b2a556fd466696999852aacd6fbac17dcbdb620d696db3f8edf95a542427103381dd57b2b9d8418b5ecf450277d1d4ba78ec5c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\nb.pak

Filesize
235KB

MD5
20998708a70c7c18e875470e42727509

SHA1
7db91c0013308732f23d06be5472c1a61bd4d948

SHA256
0625feb87b437204edcba193f51c6456d9f1aa171e7ae28e742b82b920e7ed18

SHA512
4b539d3a2487d483f5c995bd50becbf39c74a76e8fc2c9971be78c129320e8258dbf15d4d10fd0bc9c869c5ed982c2943bc08061c0db160ba5eb054c5ec10942

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\nl.pak

Filesize
241KB

MD5
d9807239540f614f7c70b093e35e2a53

SHA1
f6a3d8b13c17b39c1c855afe773c603670592502

SHA256
5315f5a6defb7e73b51dfad3ccf669ee31dde381d6b66f5a3788dfcb5e2b677b

SHA512
86ab941921e2956982c69ec46281b77d0fac837b115256435db14157f5bcf8aad1696ca7fdd376f23235dfdfe3c6bcffc893aa7e96ba70fc7705133d928195d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\pl.pak

Filesize
252KB

MD5
d721ab9ffd3f91c55abe1d6af7049579

SHA1
718ec0e0eba56b418b2d8f169061cb066b1e7eac

SHA256
e7e4150203e0fdf0e42769e94eaaed43cff8834a3c9dfb51be2ecefb4dba3285

SHA512
ee36f9b7cbf312c4a0cd78149251d6b408c4a212d95ff721f837ca2b6a74521898fd25043f1e7a60f01cdead9f92432c6cb7d78fcd4488d9ec064eafb3fbd70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\pt-BR.pak

Filesize
192KB

MD5
32483136e133bfef5f3a3e2c64e196ae

SHA1
ade5b1d7574515875c882e55013f50f8eca847fd

SHA256
44a0aba447a4edcb2ba1c41c22c3bde889b8d25642858130c6c098898b0e337f

SHA512
561baa1a9c622816b1c3de46213e627a3a52242281ed9d163b4907e4360fc63f18902084dbeb68eb62f890bdf7046649258b5c472d295360f2426c8cc0ce98d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\pt-PT.pak

Filesize
147KB

MD5
e890f3c5183b2d8c3f2d311098e3561f

SHA1
3c57917e53a3f50cb72919032e379e20940673f3

SHA256
9b3a4a80d276e54d5347fa7a434a3d5c0dea4d5290a231322b4f71cba91ac43f

SHA512
50c04a4f79b91b27d247139058b51df0ccc465152ec129e46fc0a133a6d7adb3e036b45a8e81641a8689bacbee5c6c270c5ecd4abf2a16a1a18c7834d797080e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ro.pak

Filesize
107KB

MD5
3955811a92b19b01924d38fa5f1269c4

SHA1
58d65cd3b299d8f072b7c2a15361fdaa3df1d536

SHA256
d4bee7417ef8012f4f2b2e60494c3d808c48857029af3f8d1d79447f06ef93a3

SHA512
5410acff88bace942ac53cf50c058845c02e4dcaed92872277f6c5f01206143c7b8ec973ac3830b985bec649210ad849a10cb2486af57735f3959ed04f4f6c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ru.pak

Filesize
149KB

MD5
68fe34e21653200417f01ea9c72011fd

SHA1
c2e8b8a1bd5fbc370ff2c2eeaa2902c91092db63

SHA256
4be2a1564284a79c682df567f87a57094c42e4338523496ffa43952c3e0934d7

SHA512
73360e6e3abf1a177abd71f881baa95cf73eb9e40715aaa33769b568fcc8ff93713dbc10121df683bac61b14e916b9283258074a219a0c548d2dc09ec1c05387

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\sk.pak

Filesize
118KB

MD5
da89ab626dcf50f950f156bdc15f3d12

SHA1
dc82aae269cdc1d27e435a8a9d7939305656a379

SHA256
de695aec681f3094e93a4886199a5c74522fb2e64681b49abf9bfbb358d9a866

SHA512
18d41f36f8bfd7b100457e719e8ee0b0d9c0f3037b8d74f7c5613149c2882383071f5c2bfdff67aa439e843313b26ff54da48a439db16b47a5ebbab8aba15c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\sl.pak

Filesize
181KB

MD5
5b9f452c18ac2cf4a845dd1411aa11dd

SHA1
19af14a5bff02fdeb0b75ad908e38ba4a6251fef

SHA256
4aed5d651badeb2e7304fa1654bb83f70b341b12d864d107063452fe8be06f1f

SHA512
51475224269048d9d9a93cf621d9ecdae80d1c15733b035de553cd33b002fddc732b4a4c292f6d2070043e86bbf0e2a6549ff05714c685fc710d4980b798adfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\sr.pak

Filesize
150KB

MD5
1a8e2b092ddd5a51708432dd2bca4541

SHA1
46887707afd1a4118de3c943a89ef10dacc20582

SHA256
3af0acf0601b7cbdcade4de5ad7e6caa3e3b92cb224151d7a0b6e10f0d732965

SHA512
0c6d9ca75ae43ff5b91940bb3120530875ce5938a9f99d5e0b9c9c76766ffa262d7f75edb0bdbb0507144ef3cf119f39e6bf4f97a2ee8a300ed3f7a7c04747a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\sv.pak

Filesize
165KB

MD5
a7334dc2e0d6a092ba6d242b957cd43d

SHA1
e64c346a4d581a6caa7c3992026a2f188f4fa87e

SHA256
89016b9c12f31cca31c3ac4025321766ce07a286055505582dc9631ec4be9324

SHA512
d488d1dc08cc5e514b34e8a279ec531936bdfd203cbbfe26b8f2e0a2713175397ac5e46b3f2b5477f403a242685c2fee362d15ca30090aa7a58cdc080d8e65ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\sw.pak

Filesize
194KB

MD5
c62e513cc9fecea20fc448a26fff15db

SHA1
d2348f3f46ad657195317bf088a1bb648d437aac

SHA256
d3b4dfedf303af773d517d22002232db6db0bd3b128e425197351b07f1a7ce91

SHA512
29eb915e69e6a46a88403ed549721bfe5a28a99919c789d750c3254a3bb9dae8b972946bf1f70516e9447c7c3ee0969299354f60348112d6c3d015f72917831f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ta.pak

Filesize
95KB

MD5
b68385404d5995357a68fddc7470dd40

SHA1
c978ed1a76ba310c76381954e47dd5457e7de5e1

SHA256
480aa1ad5aba82d02de49ecb6f5a2d28ca14737eb21307f19411a3b15f54e27d

SHA512
7eba6095820a796e02b653a88a1d974fbe10477573d9df576fba9736acbfcf41274a9224d1f36e4829c845fb0be1ddb73e383c2e771e76b7c4cbcc86adc7123b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\te.pak

Filesize
57KB

MD5
a4340bbec8f0c49f5e89585da82d44ea

SHA1
6fb388bd8ead67e3bd246a935357bdf5e80a01d1

SHA256
c85653c015986bae50bfdb45f98cfe8617f2d76355c37ba0ce9993520428dddd

SHA512
64cb7a0de8a2efb8d41a4ce46a02291b7769aa4228c6773f1110ffb4bfa0deecfa200576ee9bb4a4ed5de5247f325cf870facf6eaa3512de5e1a3f869c0fc632

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\th.pak

Filesize
68KB

MD5
9f1093af9f7e00dbe43eb8dd90ed9561

SHA1
23743ec7f164a5bc15ef280ffe683eae046ff789

SHA256
cb286eefc0607514925d5aac9549e16e6d2ece396498c52b21f9260796d1dbe8

SHA512
066b86bad9dd6f011c1fb10721757f99da006e6636376d04be99fe0a48aa4a24244a3345559f335d663e268410446bdffb2e5929d4dc8dacc07eae0d02fcf3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\tr.pak

Filesize
132KB

MD5
c35883adeb8f7374ad0930eba9845033

SHA1
d19d862e23853525f7e849121fab483d4f1d6fde

SHA256
4f94c7713e8e57471b353ddc46e889f0b3f43b08827b16fc097773d470e87a2e

SHA512
d5fe71343a14271121b03f79066ac496f23b9b84cc349afcf053fa5691a3d15653dad27b3d0ca822d2819f5ac9c139eb68b6e0c1a9faec5947684b0964fde2dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\uk.pak

Filesize
139KB

MD5
23fbd45152cc10b2590b153873e509d8

SHA1
25707c60e93e3c4326c10169762fca0b525fa9c0

SHA256
a2f20dc740ce04eeb9cf3cbd34ebafe09b577cfe474ea8afd37166a1d89ff50a

SHA512
42df39f71f99c2595b7282127f9139d8dd4b8474ec4584aa2eb4e05db221ff3178b2793ddb4abd23ba5baee9ecf3c6543540f96427d515c572f11754b26db075

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\ur.pak

Filesize
195KB

MD5
5fd3a0cb69d1ec613e0ed08bb7465b91

SHA1
d65ff862d6a6f4c445f719e33de21c0884439752

SHA256
76d82187c4961dfcb8f74d9d2becb2301ee46d4ff4d66b2e33ae40273ce309e7

SHA512
e3f3eb1831a099be00d26375dd0413d54daaa164f0f3a511deb0b8adfb64a6d282c74f1bf656edc3baf7de4c229f8a76ce8fb5c5d5f10a48af0805c02ba9cfba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\vi.pak

Filesize
94KB

MD5
e3267db3d9705c85954bed7e01722df8

SHA1
ecaf64e65cebe4b998b5c29caf6e9e08163ad1ee

SHA256
d1c55e8676bdb41b18dc12b58cceffd7eb80bf06361ab241afaf3cb4a89daf2d

SHA512
af0fe268d5d00c5422c89afd01cfe7853c046e9be8ff265edbfd3468b36fdc60fe3da06b49b4250b8e55993ccb3de70c90aaeb942ad9fbcd266bda4100a348e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\zh-CN.pak

Filesize
45KB

MD5
5e263a719407063fbfbf96628e97fb3a

SHA1
7ea2f363cd130e947afafef65276437e18af8d55

SHA256
7e927df7657a8a57a1a77e025dbc830f980a65c934219385f01a53d321ec2cbe

SHA512
fd4f5fb346ea73e3befe6eba228ae3b904903ba3eb34f5eba9c0f1c550fe157a2e544b9f7afdcd35dc1c66373fdda30f927343157007e96ce8af4aca861865eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\locales\zh-TW.pak

Filesize
174KB

MD5
248cb98642157a073b86f1d50cbff61a

SHA1
ead5a10abc2cacf4093363e894f03be6aacd9046

SHA256
7c97b838074cb57b9cb6ed8bbdcbcf5bfb365a28a0747102ebb3eafc38acf0a0

SHA512
7d31984b0405e089dbe6080b0fbe189b48f8fe9a9d6ea3384d1416c6a159be6d749a24791b906fc4149424326e2566146bdf84a456095dfcfafbb35996a7b059

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\resources.pak

Filesize
194KB

MD5
8d66c7f54900bd68a4f2e520d93376d0

SHA1
e3852457cf740e7d0d9e7a758ba3b9a3c340db3f

SHA256
9abd37002ecbf7b408490462c6b1a20fdc9442a8fca66b226dfab5ceb8f1d04e

SHA512
b2c782107749effb26043a4148eb6d5409e988ef9563bae06faae6017a883ee57e8a52bb8cedf661769261acdc9ed3e942e0970d988bde2e3ae32ce5b65c4bd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\resources\app.asar

Filesize
113KB

MD5
6d2934d008bde09accd9244e8b72ca05

SHA1
e35c259d033836521b04619c10bed75dc41ec279

SHA256
efac01f277e189f7a68f1894132f4792902c255d5a2524d908f4ebdf5c1faaca

SHA512
6a7c7be41dfacc0aa1c6f987af349e6eca0cff02d9c0a1608f53407192af22557d1247ff19e3a1340abf248f84e0ba3117b80fca6c4e7feddec1c59007113634

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

Filesize
350B

MD5
8951565428aa6644f1505edb592ab38f

SHA1
9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2

SHA256
8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83

SHA512
7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Filesize
3KB

MD5
d226502c9bf2ae0a7f029bd7930be88e

SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b

SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f

SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

Filesize
13KB

MD5
da0f40d84d72ae3e9324ad9a040a2e58

SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\resources\elevate.exe

Filesize
83KB

MD5
7caa66d339caf412f12b910b84d4270c

SHA1
eaf1b56c5e74c7d74369f763337f3da705a8cc47

SHA256
eedb9120709c5c7241448d2f39c7800e1d43aa76c5e8cfa3d054aa29c1d431a8

SHA512
e76615cef56de34c8a656fba4196f6f6de18a80ece647e0f5b84afa63a0bc245f0f57ce03e97f24fb29e38f5104fa5de05e4032267f13c81d6bbdaa59086f357

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\snapshot_blob.bin

Filesize
253KB

MD5
e0d268b077b9e1082020411104399aa9

SHA1
fe4d9b56c2aab86e6803e911e4f3b9b56c18b791

SHA256
4caac466c80598858b74012ca5a551e2be07f01204642396105a9457e107a638

SHA512
5c9a7b6591e399f42c554658766b3b306cdb6f7fd96a405514d3d83419435dcc8d08700997cd8dd39751e8dd53aec1a0d1ff19e8e0295c5f7651fcf28e7c5f06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\v8_context_snapshot.bin

Filesize
261KB

MD5
0bd52927c7fe241500713676c52a7905

SHA1
453bf55c5165e05165f49fb47c8dd01155c95cec

SHA256
13a1bc48db241547f10e261ede3249b661f012c13c8e250b671c2eb9dfbe84b1

SHA512
aec36e93abaacdff973baf489d3b0639a967c49e2ac0222bddcc8a91203fd659991b75451ef190556dc5c2e9b518634f39d5d0553a8cb766cfc08dc0910d098d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\vk_swiftshader.dll

Filesize
208KB

MD5
c1719fc410267749e6a06ea8f79d8265

SHA1
aea2c34f38c7faff9666723be0343532915c15ce

SHA256
b186af6e65afd8d4a4cbe2e4962c323e555a455f75fdcd6f0b09b8601b4f49c2

SHA512
47825f60bb1489d3748132a38eda0e19f8cc0b5378f028819b89f04dbabd019fae73fbaf9b4e73e8e79bd84446d9eabc4ae7e128f7f67bcfbd9def2d78a883f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\7z-out\vulkan-1.dll

Filesize
168KB

MD5
c2e6cd3d8b9a0229ebcad3a0a4881d24

SHA1
2da51df6db1c4c11599d5037e7adcbc0dd4eb09b

SHA256
829a58493c2b9ee3a861d1743968e08bce7dd4eb9b63f8fae5b16cd7ec824536

SHA512
b7ff7ba7f315e80ce3426262802895279bc542712000155ac25c76e64cb9f7dd63f9249e2d53befcb3571d4d55e48f28b9dae806041adb1b947f430d3ebace45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\StdUtils.dll

Filesize
96KB

MD5
3dafdca3c18ca7193a9119e75e4c4a85

SHA1
7021b21671a156d055c327d00833d3662512b77c

SHA256
6c114a6d7eaff99f14989b2704c704bf0ed37302a76d874ae91725d2ae7d5981

SHA512
3c224fea0cd2e576364c1a33abf9dbd42478d32773a4abc2581d21f9075abd8f241f5254c73f5433315ed13f547d6c3f243ac18023c8a58f7ec30f977dcfe48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi5A85.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Filesize
12KB

MD5
35cf30a258b7626227a9ab97bdb02732

SHA1
1ae9149994fc5b41b16fe75811530d388fb0c4f5

SHA256
0da7bacda1176b5d049fce856097b9efdfba44d72234ee2e367a46d518ae4dbe

SHA512
4c8823d8ba16e359f577d98d4f510662a90abb98a40394d10b6e7e70284552ee9d615ebe1ee09fca72ddead4a38435d58d43d194ccb4bc096ac2e7beaa27cdfc

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State

Filesize
300B

MD5
de17453edccf75cb102d2fa264fb1a54

SHA1
9166a3445a3b26642fc3415a8187089bbf4e189f

SHA256
9042a6906d90966678f2399dfcbb3823185aa1fd8b2923dc097be700afe25e97

SHA512
a10e21f846793f75059a34af26257d18d1efb16d7ed6c4564b2c5f7d96fa3ed338d24ea37e91c03038af9edf64533630c56b1677fc2fe06f4a4d146dda75865d

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher\Network\Network Persistent State~RFe58a12d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC359FECD83CAD4B4D879225C1B79F587A.TMP

Filesize
1KB

MD5
a6f2d21624678f54a2abed46e9f3ab17

SHA1
a2a6f07684c79719007d434cbd1cd2164565734a

SHA256
ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

SHA512
0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

Download Submit
memory/224-744-0x00007FFB1E9C0000-0x00007FFB1F482000-memory.dmp

Filesize
10.8MB

Download
memory/224-743-0x00007FFB1E9C0000-0x00007FFB1F482000-memory.dmp

Filesize
10.8MB

Download
memory/348-893-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/348-896-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/620-877-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/620-923-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1508-670-0x00007FFB1EB60000-0x00007FFB1F622000-memory.dmp

Filesize
10.8MB

Download
memory/1508-673-0x00007FFB1EB60000-0x00007FFB1F622000-memory.dmp

Filesize
10.8MB

Download
memory/1540-808-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1540-864-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1624-838-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1624-776-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1872-872-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1872-870-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1896-1884-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1885-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1879-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1874-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1873-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1872-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1882-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1881-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1886-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1896-1878-0x0000024C44C40000-0x0000024C44C41000-memory.dmp

Filesize
4KB

Download
memory/1900-881-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/1996-891-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2480-770-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2480-762-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2664-737-0x00007FFB1E9C0000-0x00007FFB1F482000-memory.dmp

Filesize
10.8MB

Download
memory/2664-815-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2664-818-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2664-734-0x00007FFB1E9C0000-0x00007FFB1F482000-memory.dmp

Filesize
10.8MB

Download
memory/2704-919-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2800-834-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/2800-829-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3036-914-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3036-865-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3132-758-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3132-755-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3224-797-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3312-911-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3360-813-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3360-810-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3436-780-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3436-783-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3488-846-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3488-848-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3648-839-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3716-863-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3716-909-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3772-905-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3932-884-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3988-796-0x00007FFB1EB60000-0x00007FFB1F622000-memory.dmp

Filesize
10.8MB

Download
memory/3988-902-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3988-663-0x00007FFB1EB60000-0x00007FFB1F622000-memory.dmp

Filesize
10.8MB

Download
memory/3992-820-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/3992-823-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4020-801-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4020-804-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4124-789-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4124-790-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4240-890-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4240-844-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4408-924-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4452-915-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4684-656-0x00007FFB1EB60000-0x00007FFB1F622000-memory.dmp

Filesize
10.8MB

Download
memory/4684-664-0x00007FFB1EB60000-0x00007FFB1F622000-memory.dmp

Filesize
10.8MB

Download
memory/4684-654-0x0000000000050000-0x000000000005A000-memory.dmp

Filesize
40KB

Download
memory/4696-858-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4696-855-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4892-748-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/4892-751-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/5036-850-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download
memory/5036-853-0x00007FFB1EA70000-0x00007FFB1F532000-memory.dmp

Filesize
10.8MB

Download