epsilon | 79ae38d3832ab7d48543039eff6078538465eb83d8fbb124db2e319295ab5e68

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Node-js.exe
Size

63.5MB
MD5

52131512ecfb302895d8165fcb4b5425
SHA1

d94c0b3801a084527eaf8d160f5915c6d7b568bc
SHA256

79ae38d3832ab7d48543039eff6078538465eb83d8fbb124db2e319295ab5e68
SHA512

0c56edfa095008fa930bcfaec3345a560d5455a62e54f1988e88a25562506d065f57b2f9e9a5a0ecb6e96c36b917c41710764eecc00187d2d75acd6e4c3b1b3c
SSDEEP

1572864:QtDax5IpBXssOQMAc2MN71GdBqPbzRtoJGfc5gbkkr8:XxinssOzAcP7odE7o8hkM8

Score

10^/10

epsilon persistence spyware stealer

Malware Config

Signatures

Epsilon Stealer
Information stealer.
stealer epsilon

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation	Node-js.exe

Executes dropped EXE 64 IoCs

pid	Process
2932	Node-js.exe
1472	Node-js.exe
2040	Node-js.exe
3120	screenCapture_1.3.2.exe
3700	screenCapture_1.3.2.exe
888	screenCapture_1.3.2.exe
2616	screenCapture_1.3.2.exe
2620	screenCapture_1.3.2.exe
3860	screenCapture_1.3.2.exe
4572	screenCapture_1.3.2.exe
2228	screenCapture_1.3.2.exe
3668	screenCapture_1.3.2.exe
2684	screenCapture_1.3.2.exe
2452	screenCapture_1.3.2.exe
4844	screenCapture_1.3.2.exe
3508	screenCapture_1.3.2.exe
1344	screenCapture_1.3.2.exe
996	screenCapture_1.3.2.exe
4572	screenCapture_1.3.2.exe
4368	screenCapture_1.3.2.exe
4300	screenCapture_1.3.2.exe
2684	screenCapture_1.3.2.exe
4740	screenCapture_1.3.2.exe
4676	screenCapture_1.3.2.exe
3536	screenCapture_1.3.2.exe
1228	screenCapture_1.3.2.exe
3728	screenCapture_1.3.2.exe
4692	screenCapture_1.3.2.exe
2336	screenCapture_1.3.2.exe
3668	screenCapture_1.3.2.exe
768	screenCapture_1.3.2.exe
2340	screenCapture_1.3.2.exe
3228	screenCapture_1.3.2.exe
2452	screenCapture_1.3.2.exe
4316	screenCapture_1.3.2.exe
4552	screenCapture_1.3.2.exe
1356	screenCapture_1.3.2.exe
1796	screenCapture_1.3.2.exe
4156	screenCapture_1.3.2.exe
1544	screenCapture_1.3.2.exe
1464	screenCapture_1.3.2.exe
4644	screenCapture_1.3.2.exe
2800	screenCapture_1.3.2.exe
1508	screenCapture_1.3.2.exe
2636	screenCapture_1.3.2.exe
3860	screenCapture_1.3.2.exe
2620	screenCapture_1.3.2.exe
3068	screenCapture_1.3.2.exe
4368	screenCapture_1.3.2.exe
4760	screenCapture_1.3.2.exe
5108	screenCapture_1.3.2.exe
3060	screenCapture_1.3.2.exe
2496	screenCapture_1.3.2.exe
2792	screenCapture_1.3.2.exe
3196	screenCapture_1.3.2.exe
1040	screenCapture_1.3.2.exe
3704	screenCapture_1.3.2.exe
744	screenCapture_1.3.2.exe
540	screenCapture_1.3.2.exe
2112	screenCapture_1.3.2.exe
3940	screenCapture_1.3.2.exe
2668	screenCapture_1.3.2.exe
888	screenCapture_1.3.2.exe
4316	screenCapture_1.3.2.exe

Loads dropped DLL 12 IoCs

pid	Process
4060	Node-js.exe
4060	Node-js.exe
4060	Node-js.exe
2932	Node-js.exe
2932	Node-js.exe
1472	Node-js.exe
1472	Node-js.exe
1472	Node-js.exe
1472	Node-js.exe
2040	Node-js.exe
2932	Node-js.exe
3020	Node-js.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe"	reg.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	ipinfo.io
14	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2444	WMIC.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
3388	tasklist.exe
4028	tasklist.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2040	Node-js.exe
2040	Node-js.exe
3020	Node-js.exe
3020	Node-js.exe
3020	Node-js.exe
3020	Node-js.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4060	Node-js.exe
Token: SeIncreaseQuotaPrivilege	4560	WMIC.exe
Token: SeSecurityPrivilege	4560	WMIC.exe
Token: SeTakeOwnershipPrivilege	4560	WMIC.exe
Token: SeLoadDriverPrivilege	4560	WMIC.exe
Token: SeSystemProfilePrivilege	4560	WMIC.exe
Token: SeSystemtimePrivilege	4560	WMIC.exe
Token: SeProfSingleProcessPrivilege	4560	WMIC.exe
Token: SeIncBasePriorityPrivilege	4560	WMIC.exe
Token: SeCreatePagefilePrivilege	4560	WMIC.exe
Token: SeBackupPrivilege	4560	WMIC.exe
Token: SeRestorePrivilege	4560	WMIC.exe
Token: SeShutdownPrivilege	4560	WMIC.exe
Token: SeDebugPrivilege	4560	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4560	WMIC.exe
Token: SeRemoteShutdownPrivilege	4560	WMIC.exe
Token: SeUndockPrivilege	4560	WMIC.exe
Token: SeManageVolumePrivilege	4560	WMIC.exe
Token: 33	4560	WMIC.exe
Token: 34	4560	WMIC.exe
Token: 35	4560	WMIC.exe
Token: 36	4560	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4560	WMIC.exe
Token: SeSecurityPrivilege	4560	WMIC.exe
Token: SeTakeOwnershipPrivilege	4560	WMIC.exe
Token: SeLoadDriverPrivilege	4560	WMIC.exe
Token: SeSystemProfilePrivilege	4560	WMIC.exe
Token: SeSystemtimePrivilege	4560	WMIC.exe
Token: SeProfSingleProcessPrivilege	4560	WMIC.exe
Token: SeIncBasePriorityPrivilege	4560	WMIC.exe
Token: SeCreatePagefilePrivilege	4560	WMIC.exe
Token: SeBackupPrivilege	4560	WMIC.exe
Token: SeRestorePrivilege	4560	WMIC.exe
Token: SeShutdownPrivilege	4560	WMIC.exe
Token: SeDebugPrivilege	4560	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4560	WMIC.exe
Token: SeRemoteShutdownPrivilege	4560	WMIC.exe
Token: SeUndockPrivilege	4560	WMIC.exe
Token: SeManageVolumePrivilege	4560	WMIC.exe
Token: 33	4560	WMIC.exe
Token: 34	4560	WMIC.exe
Token: 35	4560	WMIC.exe
Token: 36	4560	WMIC.exe
Token: SeDebugPrivilege	3388	tasklist.exe
Token: SeIncreaseQuotaPrivilege	2076	WMIC.exe
Token: SeSecurityPrivilege	2076	WMIC.exe
Token: SeTakeOwnershipPrivilege	2076	WMIC.exe
Token: SeLoadDriverPrivilege	2076	WMIC.exe
Token: SeSystemProfilePrivilege	2076	WMIC.exe
Token: SeSystemtimePrivilege	2076	WMIC.exe
Token: SeProfSingleProcessPrivilege	2076	WMIC.exe
Token: SeIncBasePriorityPrivilege	2076	WMIC.exe
Token: SeCreatePagefilePrivilege	2076	WMIC.exe
Token: SeBackupPrivilege	2076	WMIC.exe
Token: SeRestorePrivilege	2076	WMIC.exe
Token: SeShutdownPrivilege	2076	WMIC.exe
Token: SeDebugPrivilege	2076	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2076	WMIC.exe
Token: SeRemoteShutdownPrivilege	2076	WMIC.exe
Token: SeUndockPrivilege	2076	WMIC.exe
Token: SeManageVolumePrivilege	2076	WMIC.exe
Token: 33	2076	WMIC.exe
Token: 34	2076	WMIC.exe
Token: 35	2076	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 2932	4060	Node-js.exe	93
PID 4060 wrote to memory of 2932	4060	Node-js.exe	93
PID 2932 wrote to memory of 1344	2932	Node-js.exe	179
PID 2932 wrote to memory of 1344	2932	Node-js.exe	179
PID 1344 wrote to memory of 4560	1344	cmd.exe	355
PID 1344 wrote to memory of 4560	1344	cmd.exe	355
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 1472	2932	Node-js.exe	99
PID 2932 wrote to memory of 2040	2932	Node-js.exe	101
PID 2932 wrote to memory of 2040	2932	Node-js.exe	101
PID 2932 wrote to memory of 4792	2932	Node-js.exe	104
PID 2932 wrote to memory of 4792	2932	Node-js.exe	104
PID 2932 wrote to memory of 1848	2932	Node-js.exe	106
PID 2932 wrote to memory of 1848	2932	Node-js.exe	106
PID 2932 wrote to memory of 1516	2932	Node-js.exe	107
PID 2932 wrote to memory of 1516	2932	Node-js.exe	107
PID 1516 wrote to memory of 3388	1516	cmd.exe	138
PID 1516 wrote to memory of 3388	1516	cmd.exe	138
PID 1848 wrote to memory of 4844	1848	cmd.exe	340
PID 1848 wrote to memory of 4844	1848	cmd.exe	340
PID 4792 wrote to memory of 2860	4792	cmd.exe	333
PID 4792 wrote to memory of 2860	4792	cmd.exe	333
PID 2932 wrote to memory of 864	2932	Node-js.exe	113
PID 2932 wrote to memory of 864	2932	Node-js.exe	113
PID 864 wrote to memory of 2076	864	cmd.exe	115
PID 864 wrote to memory of 2076	864	cmd.exe	115

C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
  C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic CsProduct Get UUID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
    "C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
    "C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=2080 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
      4⤵
      PID:2860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
      4⤵
      PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1516
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:3388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
    3⤵
    PID:2140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
    3⤵
    PID:2800
  - - C:\Windows\system32\cmd.exe
      cmd /c chcp 65001
      4⤵
      PID:3064
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:4796
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:3392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"
    3⤵
    PID:1152
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f
      4⤵
      Adds Run key to start application
      PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
    3⤵
    PID:2696
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg" "
    3⤵
    PID:3344
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:1820
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES753F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC505355FEFCDB4D6AB2A43534D708270.TMP"
        5⤵
        
        PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg"
      4⤵
      Executes dropped EXE
      PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-3gae49.9t45r.jpg" "
    3⤵
    PID:4460
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
      4⤵
      PID:2556
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES75CC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC744C3DDCD4C544518E7AC87140573CE4.TMP"
        5⤵
        
        PID:3388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15d7wam.zu2aj.jpg" "
    3⤵
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15d7wam.zu2aj.jpg"
      4⤵
      Executes dropped EXE
      PID:3700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c0yfe1.vx5n.jpg" "
    3⤵
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c0yfe1.vx5n.jpg"
      4⤵
      Executes dropped EXE
      PID:888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ckz9a.7zc4.jpg" "
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ckz9a.7zc4.jpg"
      4⤵
      Executes dropped EXE
      PID:2616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-zpkorb.fxmo.jpg" "
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-zpkorb.fxmo.jpg"
      4⤵
      Executes dropped EXE
      PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1geqkqe.lnej.jpg" "
    3⤵
    PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1geqkqe.lnej.jpg"
      4⤵
      Executes dropped EXE
      PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jmx90q.nr5p.jpg" "
    3⤵
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jmx90q.nr5p.jpg"
      4⤵
      Executes dropped EXE
      PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13409v6.54ra.jpg" "
    3⤵
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13409v6.54ra.jpg"
      4⤵
      Executes dropped EXE
      PID:2228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ur7wba.bt3r.jpg" "
    3⤵
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ur7wba.bt3r.jpg"
      4⤵
      Executes dropped EXE
      PID:3668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ayp28c.d4u1k.jpg" "
    3⤵
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ayp28c.d4u1k.jpg"
      4⤵
      Executes dropped EXE
      PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8eddbj.8h8u7.jpg" "
    3⤵
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8eddbj.8h8u7.jpg"
      4⤵
      Executes dropped EXE
      PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fnkkco.udugi.jpg" "
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fnkkco.udugi.jpg"
      4⤵
      Executes dropped EXE
      PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15v46sm.41avl.jpg" "
    3⤵
    PID:32
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15v46sm.41avl.jpg"
      4⤵
      Executes dropped EXE
      PID:3508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12oxt1s.g0fg.jpg" "
    3⤵
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12oxt1s.g0fg.jpg"
      4⤵
      Executes dropped EXE
      PID:1344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-52aez.5m6kc3.jpg" "
    3⤵
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-52aez.5m6kc3.jpg"
      4⤵
      Executes dropped EXE
      PID:996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1td0m2p.rwzvg.jpg" "
    3⤵
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1td0m2p.rwzvg.jpg"
      4⤵
      Executes dropped EXE
      PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15y4c8p.hiwh.jpg" "
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15y4c8p.hiwh.jpg"
      4⤵
      Executes dropped EXE
      PID:4368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-h9kccm.1mn6j.jpg" "
    3⤵
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-h9kccm.1mn6j.jpg"
      4⤵
      Executes dropped EXE
      PID:4300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wspw3i.t3pk.jpg" "
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wspw3i.t3pk.jpg"
      4⤵
      Executes dropped EXE
      PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-twgn5x.3siir.jpg" "
    3⤵
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-twgn5x.3siir.jpg"
      4⤵
      Executes dropped EXE
      PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-nns49f.vwhp.jpg" "
    3⤵
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-nns49f.vwhp.jpg"
      4⤵
      Executes dropped EXE
      PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-hb7ria.sydpa.jpg" "
    3⤵
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-hb7ria.sydpa.jpg"
      4⤵
      Executes dropped EXE
      PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-krpxdw.y1xdl.jpg" "
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-krpxdw.y1xdl.jpg"
      4⤵
      Executes dropped EXE
      PID:1228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-vp8u8e.zxxyl.jpg" "
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-vp8u8e.zxxyl.jpg"
      4⤵
      Executes dropped EXE
      PID:3728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xbe83n.kobv.jpg" "
    3⤵
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xbe83n.kobv.jpg"
      4⤵
      Executes dropped EXE
      PID:4692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12h6c5f.hgn.jpg" "
    3⤵
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12h6c5f.hgn.jpg"
      4⤵
      Executes dropped EXE
      PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u1jhob.yo13.jpg" "
    3⤵
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u1jhob.yo13.jpg"
      4⤵
      Executes dropped EXE
      PID:3668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ey82.6bk31.jpg" "
    3⤵
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ey82.6bk31.jpg"
      4⤵
      Executes dropped EXE
      PID:768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-w860cg.eo7pp.jpg" "
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-w860cg.eo7pp.jpg"
      4⤵
      Executes dropped EXE
      PID:2340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jmjogk.rh6sc.jpg" "
    3⤵
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jmjogk.rh6sc.jpg"
      4⤵
      Executes dropped EXE
      PID:3228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p4wtzy.m9cek.jpg" "
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p4wtzy.m9cek.jpg"
      4⤵
      Executes dropped EXE
      PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fqx9hd.ttnn.jpg" "
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fqx9hd.ttnn.jpg"
      4⤵
      Executes dropped EXE
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rg1uyt.zy3g.jpg" "
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rg1uyt.zy3g.jpg"
      4⤵
      Executes dropped EXE
      PID:4552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-qt8n7i.34yjj.jpg" "
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-qt8n7i.34yjj.jpg"
      4⤵
      Executes dropped EXE
      PID:1356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-14p4i7i.ats8.jpg" "
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-14p4i7i.ats8.jpg"
      4⤵
      Executes dropped EXE
      PID:1796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sck1m1.a6t2l.jpg" "
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sck1m1.a6t2l.jpg"
      4⤵
      Executes dropped EXE
      PID:4156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dycvbi.lmsc.jpg" "
    3⤵
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dycvbi.lmsc.jpg"
      4⤵
      Executes dropped EXE
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18cs97c.gkmi.jpg" "
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18cs97c.gkmi.jpg"
      4⤵
      Executes dropped EXE
      PID:1464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-668pko.d2vdw.jpg" "
    3⤵
    PID:3536
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-668pko.d2vdw.jpg"
      4⤵
      Executes dropped EXE
      PID:4644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-9swaxi.direq.jpg" "
    3⤵
    PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-9swaxi.direq.jpg"
      4⤵
      Executes dropped EXE
      PID:2800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-3asdq6.4hyec.jpg" "
    3⤵
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-3asdq6.4hyec.jpg"
      4⤵
      Executes dropped EXE
      PID:1508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e3f0vt.gstl.jpg" "
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e3f0vt.gstl.jpg"
      4⤵
      Executes dropped EXE
      PID:2636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19ngp4o.t47l.jpg" "
    3⤵
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19ngp4o.t47l.jpg"
      4⤵
      Executes dropped EXE
      PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1oc9xg3.yih4.jpg" "
    3⤵
    PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1oc9xg3.yih4.jpg"
      4⤵
      Executes dropped EXE
      PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-igkcxr.y1k9.jpg" "
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-igkcxr.y1k9.jpg"
      4⤵
      Executes dropped EXE
      PID:3068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cp68a1.w9s4.jpg" "
    3⤵
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cp68a1.w9s4.jpg"
      4⤵
      Executes dropped EXE
      PID:4368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-135ioqp.6pzn.jpg" "
    3⤵
    PID:2224
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-135ioqp.6pzn.jpg"
      4⤵
      Executes dropped EXE
      PID:4760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cajjfe.5gd3.jpg" "
    3⤵
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cajjfe.5gd3.jpg"
      4⤵
      Executes dropped EXE
      PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-a83ocw.kyeq.jpg" "
    3⤵
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-a83ocw.kyeq.jpg"
      4⤵
      Executes dropped EXE
      PID:3060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-188m6gc.b68tl.jpg" "
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-188m6gc.b68tl.jpg"
      4⤵
      Executes dropped EXE
      PID:2496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1dnisk3.qu7rk.jpg" "
    3⤵
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1dnisk3.qu7rk.jpg"
      4⤵
      Executes dropped EXE
      PID:2792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d9yrll.8epui.jpg" "
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d9yrll.8epui.jpg"
      4⤵
      Executes dropped EXE
      PID:3196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13gfggr.p116.jpg" "
    3⤵
    PID:436
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13gfggr.p116.jpg"
      4⤵
      Executes dropped EXE
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k4pdd8.r6t7k.jpg" "
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k4pdd8.r6t7k.jpg"
      4⤵
      Executes dropped EXE
      PID:3704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fhxmg8.9y6bk.jpg" "
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fhxmg8.9y6bk.jpg"
      4⤵
      Executes dropped EXE
      PID:744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16n60uh.b4xcg.jpg" "
    3⤵
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16n60uh.b4xcg.jpg"
      4⤵
      Executes dropped EXE
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18q6fxb.ozze.jpg" "
    3⤵
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18q6fxb.ozze.jpg"
      4⤵
      Executes dropped EXE
      PID:2112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ly3wj.5btj.jpg" "
    3⤵
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ly3wj.5btj.jpg"
      4⤵
      Executes dropped EXE
      PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tu43os.sgp9.jpg" "
    3⤵
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tu43os.sgp9.jpg"
      4⤵
      Executes dropped EXE
      PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-xkixw9.c3mxl.jpg" "
    3⤵
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-xkixw9.c3mxl.jpg"
      4⤵
      Executes dropped EXE
      PID:888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-tcrpx5.w020t.jpg" "
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-tcrpx5.w020t.jpg"
      4⤵
      Executes dropped EXE
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gospy3.5e5vt.jpg" "
    3⤵
    PID:840
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gospy3.5e5vt.jpg"
      4⤵
      PID:2228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1puoxef.1k3e.jpg" "
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1puoxef.1k3e.jpg"
      4⤵
      PID:2416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mugz8u.orvy.jpg" "
    3⤵
    PID:3392
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mugz8u.orvy.jpg"
      4⤵
      PID:4756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jf2jrv.jx4d.jpg" "
    3⤵
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jf2jrv.jx4d.jpg"
      4⤵
      PID:1072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ioxw2q.wja8.jpg" "
    3⤵
    PID:2772
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ioxw2q.wja8.jpg"
      4⤵
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ot4w7.dmk8.jpg" "
    3⤵
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ot4w7.dmk8.jpg"
      4⤵
      PID:4312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13kchp1.5g0y.jpg" "
    3⤵
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13kchp1.5g0y.jpg"
      4⤵
      PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-caym2z.60lde.jpg" "
    3⤵
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-caym2z.60lde.jpg"
      4⤵
      PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-doehpk.33mue.jpg" "
    3⤵
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-doehpk.33mue.jpg"
      4⤵
      PID:3664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-isdigu.ao38n.jpg" "
    3⤵
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-isdigu.ao38n.jpg"
      4⤵
      PID:3456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ii7ae9.mawif.jpg" "
    3⤵
    PID:2524
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ii7ae9.mawif.jpg"
      4⤵
      PID:3084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10isx6u.a6g6.jpg" "
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10isx6u.a6g6.jpg"
      4⤵
      PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nn6be8.t243.jpg" "
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nn6be8.t243.jpg"
      4⤵
      PID:2724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-m6a7ue.hhv6b.jpg" "
    3⤵
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-m6a7ue.hhv6b.jpg"
      4⤵
      PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ts3nxh.kx3n8.jpg" "
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ts3nxh.kx3n8.jpg"
      4⤵
      PID:3700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fkl6pn.rgsn.jpg" "
    3⤵
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fkl6pn.rgsn.jpg"
      4⤵
      PID:3264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-6asebt.hmn23.jpg" "
    3⤵
    PID:4420
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-6asebt.hmn23.jpg"
      4⤵
      PID:3688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f8whtc.owkz.jpg" "
    3⤵
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f8whtc.owkz.jpg"
      4⤵
      PID:2800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-mbuk1p.zqyke.jpg" "
    3⤵
    PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-mbuk1p.zqyke.jpg"
      4⤵
      PID:2508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-x7yx4v.vi9e.jpg" "
    3⤵
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-x7yx4v.vi9e.jpg"
      4⤵
      PID:2488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t96niy.uv5x.jpg" "
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t96niy.uv5x.jpg"
      4⤵
      PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13rwf8o.lziz.jpg" "
    3⤵
    PID:32
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13rwf8o.lziz.jpg"
      4⤵
      PID:2216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2dtpz.eoso.jpg" "
    3⤵
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2dtpz.eoso.jpg"
      4⤵
      PID:2228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fb9gcv.c703b.jpg" "
    3⤵
    PID:3704
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fb9gcv.c703b.jpg"
      4⤵
      PID:1796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-68vfpa.w57cb.jpg" "
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-68vfpa.w57cb.jpg"
      4⤵
      PID:1524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cyn31g.jjspk.jpg" "
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cyn31g.jjspk.jpg"
      4⤵
      PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fpvwhp.n7n9i.jpg" "
    3⤵
    PID:456
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fpvwhp.n7n9i.jpg"
      4⤵
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-skaehp.924cp.jpg" "
    3⤵
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-skaehp.924cp.jpg"
      4⤵
      PID:1924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xqwhk.p5pu.jpg" "
    3⤵
    PID:2888
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xqwhk.p5pu.jpg"
      4⤵
      PID:4516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1msl9nm.7tzb.jpg" "
    3⤵
    PID:3060
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1msl9nm.7tzb.jpg"
      4⤵
      PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1b93k55.b0cr.jpg" "
    3⤵
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1b93k55.b0cr.jpg"
      4⤵
      PID:1656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qpsju9.l5xe.jpg" "
    3⤵
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qpsju9.l5xe.jpg"
      4⤵
      PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-scnvi5.edrk.jpg" "
    3⤵
    PID:2792
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-scnvi5.edrk.jpg"
      4⤵
      PID:4780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10s7hfm.ewil.jpg" "
    3⤵
    PID:3152
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10s7hfm.ewil.jpg"
      4⤵
      PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d6q4rs.y9b2.jpg" "
    3⤵
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d6q4rs.y9b2.jpg"
      4⤵
      PID:2724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fuwobj.dsw8.jpg" "
    3⤵
    PID:1628
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fuwobj.dsw8.jpg"
      4⤵
      PID:3668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qlhsyd.g71g.jpg" "
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qlhsyd.g71g.jpg"
      4⤵
      PID:4984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18b6vey.m32v.jpg" "
    3⤵
    PID:2392
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18b6vey.m32v.jpg"
      4⤵
      PID:2108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-qlxmpw.m3q8.jpg" "
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-qlxmpw.m3q8.jpg"
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m5opic.m4xv.jpg" "
    3⤵
    PID:452
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m5opic.m4xv.jpg"
      4⤵
      PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-m35p50.t2v68.jpg" "
    3⤵
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-m35p50.t2v68.jpg"
      4⤵
      PID:3436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c8u5bc.r67a.jpg" "
    3⤵
    PID:632
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c8u5bc.r67a.jpg"
      4⤵
      PID:1804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bf55ef.ngazr.jpg" "
    3⤵
    PID:2776
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bf55ef.ngazr.jpg"
      4⤵
      PID:868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bp0j1a.v2omf.jpg" "
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bp0j1a.v2omf.jpg"
      4⤵
      PID:840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sjjsuw.4sjjf.jpg" "
    3⤵
    PID:2588
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sjjsuw.4sjjf.jpg"
      4⤵
      PID:1168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-hnjjej.6rh6b.jpg" "
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-hnjjej.6rh6b.jpg"
      4⤵
      PID:2640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jqge9s.rdzc.jpg" "
    3⤵
    PID:1156
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jqge9s.rdzc.jpg"
      4⤵
      PID:3700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ex9f2e.f7ov.jpg" "
    3⤵
    PID:1596
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ex9f2e.f7ov.jpg"
      4⤵
      PID:3864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-l9kov.fk863l.jpg" "
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-l9kov.fk863l.jpg"
      4⤵
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ppvtg4.6r0i.jpg" "
    3⤵
    PID:4804
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ppvtg4.6r0i.jpg"
      4⤵
      PID:3408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yn82me.loig.jpg" "
    3⤵
    PID:3228
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yn82me.loig.jpg"
      4⤵
      PID:4704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ohdl9v.6n7j.jpg" "
    3⤵
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ohdl9v.6n7j.jpg"
      4⤵
      PID:1132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11t4ehr.a23q.jpg" "
    3⤵
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11t4ehr.a23q.jpg"
      4⤵
      PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p6i4v0.i23v.jpg" "
    3⤵
    PID:4584
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p6i4v0.i23v.jpg"
      4⤵
      PID:3576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xf8x0.h1ex.jpg" "
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xf8x0.h1ex.jpg"
      4⤵
      PID:1012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-k06pgk.radg.jpg" "
    3⤵
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-k06pgk.radg.jpg"
      4⤵
      PID:1704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-y62cdq.gsl9c.jpg" "
    3⤵
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-y62cdq.gsl9c.jpg"
      4⤵
      PID:956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-85df19.ro86m.jpg" "
    3⤵
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-85df19.ro86m.jpg"
      4⤵
      PID:1664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-wqqwpt.y9rh.jpg" "
    3⤵
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-wqqwpt.y9rh.jpg"
      4⤵
      PID:2064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-btp3t0.isdaa.jpg" "
    3⤵
    PID:1604
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-btp3t0.isdaa.jpg"
      4⤵
      PID:4368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1leucyt.xg2o.jpg" "
    3⤵
    PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1leucyt.xg2o.jpg"
      4⤵
      PID:2908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ocplk8.dxun.jpg" "
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ocplk8.dxun.jpg"
      4⤵
      PID:4356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-86awi1.p30j6.jpg" "
    3⤵
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-86awi1.p30j6.jpg"
      4⤵
      PID:2224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1swq8uf.pzjv.jpg" "
    3⤵
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1swq8uf.pzjv.jpg"
      4⤵
      PID:1944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p2d26q.3l14.jpg" "
    3⤵
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p2d26q.3l14.jpg"
      4⤵
      PID:2800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-iitlnz.grigl.jpg" "
    3⤵
    PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-iitlnz.grigl.jpg"
      4⤵
      PID:3436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19i7dyu.o0sz.jpg" "
    3⤵
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19i7dyu.o0sz.jpg"
      4⤵
      PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-17s92if.3rv1.jpg" "
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-17s92if.3rv1.jpg"
      4⤵
      PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1kgi1uu.f82vk.jpg" "
    3⤵
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1kgi1uu.f82vk.jpg"
      4⤵
      PID:3212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wgid6p.3vqp.jpg" "
    3⤵
    PID:428
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wgid6p.3vqp.jpg"
      4⤵
      PID:1592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-scz54o.xfsr.jpg" "
    3⤵
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-scz54o.xfsr.jpg"
      4⤵
      PID:5080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gli3q3.7wae.jpg" "
    3⤵
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gli3q3.7wae.jpg"
      4⤵
      PID:1936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-wsis7w.2t6k.jpg" "
    3⤵
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-wsis7w.2t6k.jpg"
      4⤵
      PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18kft1z.8udwl.jpg" "
    3⤵
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18kft1z.8udwl.jpg"
      4⤵
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-158ri4l.cd1g.jpg" "
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-158ri4l.cd1g.jpg"
      4⤵
      PID:3544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16du1qy.jjyy.jpg" "
    3⤵
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16du1qy.jjyy.jpg"
      4⤵
      PID:3504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xz34rl.nvx3.jpg" "
    3⤵
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xz34rl.nvx3.jpg"
      4⤵
      PID:2260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-i1cfgs.w4hpo.jpg" "
    3⤵
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-i1cfgs.w4hpo.jpg"
      4⤵
      PID:4420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-5zrdci.bzil6.jpg" "
    3⤵
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-5zrdci.bzil6.jpg"
      4⤵
      PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sm1t2x.jjuo.jpg" "
    3⤵
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sm1t2x.jjuo.jpg"
      4⤵
      PID:3436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-z3houf.gddg.jpg" "
    3⤵
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-z3houf.gddg.jpg"
      4⤵
      PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1aknqlf.y3pi.jpg" "
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1aknqlf.y3pi.jpg"
      4⤵
      PID:1344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1743pmu.jmqj.jpg" "
    3⤵
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1743pmu.jmqj.jpg"
      4⤵
      PID:1396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cl91k8.b1bdk.jpg" "
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cl91k8.b1bdk.jpg"
      4⤵
      PID:2216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-4xhs98.g33na.jpg" "
    3⤵
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-4xhs98.g33na.jpg"
      4⤵
      PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13ghy02.uyh6.jpg" "
    3⤵
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13ghy02.uyh6.jpg"
      4⤵
      PID:3416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2yhc2.hmax.jpg" "
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2yhc2.hmax.jpg"
      4⤵
      PID:3252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1skvqgk.gcmu.jpg" "
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1skvqgk.gcmu.jpg"
      4⤵
      PID:2112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-k5jqkf.cl3n.jpg" "
    3⤵
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-k5jqkf.cl3n.jpg"
      4⤵
      PID:2608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-7nzzi0.itgj2.jpg" "
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-7nzzi0.itgj2.jpg"
      4⤵
      PID:2384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16sk3o3.fv6.jpg" "
    3⤵
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16sk3o3.fv6.jpg"
      4⤵
      PID:1352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18ye3bc.8lru.jpg" "
    3⤵
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18ye3bc.8lru.jpg"
      4⤵
      PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bjqv53.reza.jpg" "
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bjqv53.reza.jpg"
      4⤵
      PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-147i4ok.e6.jpg" "
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-147i4ok.e6.jpg"
      4⤵
      PID:3324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-y9bb7m.mec6.jpg" "
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-y9bb7m.mec6.jpg"
      4⤵
      PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n8gqrv.hhlc.jpg" "
    3⤵
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n8gqrv.hhlc.jpg"
      4⤵
      PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-l8y4at.l1gz8.jpg" "
    3⤵
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-l8y4at.l1gz8.jpg"
      4⤵
      PID:1728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u9bpin.aj7b.jpg" "
    3⤵
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u9bpin.aj7b.jpg"
      4⤵
      PID:3480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d2z50m.h0dz.jpg" "
    3⤵
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d2z50m.h0dz.jpg"
      4⤵
      PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jqu6gj.0rwv7.jpg" "
    3⤵
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jqu6gj.0rwv7.jpg"
      4⤵
      PID:2792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-9sh4mi.1rddg.jpg" "
    3⤵
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-9sh4mi.1rddg.jpg"
      4⤵
      PID:3112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bopeal.zbono.jpg" "
    3⤵
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bopeal.zbono.jpg"
      4⤵
      PID:1480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-s3ime1.5jpb.jpg" "
    3⤵
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-s3ime1.5jpb.jpg"
      4⤵
      PID:2480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mgma7w.tkcc.jpg" "
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mgma7w.tkcc.jpg"
      4⤵
      PID:3292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cn2m9e.g47p.jpg" "
    3⤵
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cn2m9e.g47p.jpg"
      4⤵
      PID:4984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jydrhx.6arqo.jpg" "
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jydrhx.6arqo.jpg"
      4⤵
      PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-mg62r5.lq7o.jpg" "
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-mg62r5.lq7o.jpg"
      4⤵
      PID:1992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19sxnj9.6k1bf.jpg" "
    3⤵
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19sxnj9.6k1bf.jpg"
      4⤵
      PID:2508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xwx0rh.1lp5.jpg" "
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xwx0rh.1lp5.jpg"
      4⤵
      PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d36evx.21vl.jpg" "
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d36evx.21vl.jpg"
      4⤵
      PID:4216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-b64zif.mwz3i.jpg" "
    3⤵
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-b64zif.mwz3i.jpg"
      4⤵
      PID:4304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t6mi1x.jlev.jpg" "
    3⤵
    PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t6mi1x.jlev.jpg"
      4⤵
      PID:1340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1txfl9b.ee8i.jpg" "
    3⤵
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1txfl9b.ee8i.jpg"
      4⤵
      PID:1996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wsw78.54zk.jpg" "
    3⤵
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wsw78.54zk.jpg"
      4⤵
      PID:3456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1lmjmm.gsnsn.jpg" "
    3⤵
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1lmjmm.gsnsn.jpg"
      4⤵
      PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-saddqm.nr11.jpg" "
    3⤵
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-saddqm.nr11.jpg"
      4⤵
      PID:2484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yvzj9b.lakv.jpg" "
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yvzj9b.lakv.jpg"
      4⤵
      PID:1364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n214t9.p0knl.jpg" "
    3⤵
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n214t9.p0knl.jpg"
      4⤵
      PID:1408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12d4kec.veso.jpg" "
    3⤵
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12d4kec.veso.jpg"
      4⤵
      PID:1432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-o8hus4.kuuud.jpg" "
    3⤵
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-o8hus4.kuuud.jpg"
      4⤵
      PID:772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-r90ltr.cbv6f.jpg" "
    3⤵
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-r90ltr.cbv6f.jpg"
      4⤵
      PID:3244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e9zr41.po0jh.jpg" "
    3⤵
    PID:348
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e9zr41.po0jh.jpg"
      4⤵
      PID:1496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-q8oto.9qr6b.jpg" "
    3⤵
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-q8oto.9qr6b.jpg"
      4⤵
      PID:1944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rd7t7s.x63v.jpg" "
    3⤵
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rd7t7s.x63v.jpg"
      4⤵
      PID:2952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dq7ank.ftg8e.jpg" "
    3⤵
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dq7ank.ftg8e.jpg"
      4⤵
      PID:888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1saoqjq.9n93.jpg" "
    3⤵
    PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1saoqjq.9n93.jpg"
      4⤵
      PID:4536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1g89iae.ziuf.jpg" "
    3⤵
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1g89iae.ziuf.jpg"
      4⤵
      PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sdl4e4.ijntj.jpg" "
    3⤵
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sdl4e4.ijntj.jpg"
      4⤵
      PID:4692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-zmx2ut.5sk6.jpg" "
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-zmx2ut.5sk6.jpg"
      4⤵
      PID:2184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-14y8pgs.hmo9.jpg" "
    3⤵
    PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-14y8pgs.hmo9.jpg"
      4⤵
      PID:3456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-v8ex1j.tnlr.jpg" "
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-v8ex1j.tnlr.jpg"
      4⤵
      PID:1168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-rmlypu.5mltr.jpg" "
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-rmlypu.5mltr.jpg"
      4⤵
      PID:2484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ibujs3.3ifxm.jpg" "
    3⤵
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ibujs3.3ifxm.jpg"
      4⤵
      PID:1556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gaq3w7.97vqq.jpg" "
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gaq3w7.97vqq.jpg"
      4⤵
      PID:1408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gohp57.v9qtj.jpg" "
    3⤵
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gohp57.v9qtj.jpg"
      4⤵
      PID:1432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vpt4vb.uxs2g.jpg" "
    3⤵
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vpt4vb.uxs2g.jpg"
      4⤵
      PID:2908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-tbqr0h.rse9i.jpg" "
    3⤵
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-tbqr0h.rse9i.jpg"
      4⤵
      PID:3244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qps6ww.fibm.jpg" "
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qps6ww.fibm.jpg"
      4⤵
      PID:2860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k3rkas.3pim.jpg" "
    3⤵
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k3rkas.3pim.jpg"
      4⤵
      PID:708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16qj61x.gc0bi.jpg" "
    3⤵
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16qj61x.gc0bi.jpg"
      4⤵
      PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bihmuv.4ba6.jpg" "
    3⤵
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bihmuv.4ba6.jpg"
      4⤵
      PID:3224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e948w9.avu3.jpg" "
    3⤵
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e948w9.avu3.jpg"
      4⤵
      PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sz7mjx.mje2.jpg" "
    3⤵
    PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sz7mjx.mje2.jpg"
      4⤵
      PID:1444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-w1l6xp.4nma.jpg" "
    3⤵
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-w1l6xp.4nma.jpg"
      4⤵
      PID:1344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f2yb7r.6gxi.jpg" "
    3⤵
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f2yb7r.6gxi.jpg"
      4⤵
      PID:3728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1uve92t.snpw.jpg" "
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1uve92t.snpw.jpg"
      4⤵
      PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-pxpb8p.rdo5l.jpg" "
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-pxpb8p.rdo5l.jpg"
      4⤵
      PID:32
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1im0bma.broy.jpg" "
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1im0bma.broy.jpg"
      4⤵
      PID:4300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gan3uv.50hf.jpg" "
    3⤵
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gan3uv.50hf.jpg"
      4⤵
      PID:3112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gl3c7g.d7u95.jpg" "
    3⤵
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gl3c7g.d7u95.jpg"
      4⤵
      PID:952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t4rj6g.ijd7.jpg" "
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t4rj6g.ijd7.jpg"
      4⤵
      PID:540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-17wy0tb.hlrs.jpg" "
    3⤵
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-17wy0tb.hlrs.jpg"
      4⤵
      PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-4fj3ef.05gb6.jpg" "
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-4fj3ef.05gb6.jpg"
      4⤵
      PID:3716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nqpw26.uuik.jpg" "
    3⤵
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nqpw26.uuik.jpg"
      4⤵
      PID:3856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-egbcuy.hugb.jpg" "
    3⤵
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-egbcuy.hugb.jpg"
      4⤵
      PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w6q69a.xr16.jpg" "
    3⤵
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w6q69a.xr16.jpg"
      4⤵
      PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vljwx1.2r67.jpg" "
    3⤵
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vljwx1.2r67.jpg"
      4⤵
      PID:2160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1hd6w7h.kgh0j.jpg" "
    3⤵
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1hd6w7h.kgh0j.jpg"
      4⤵
      PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-78k66s.rrs5f.jpg" "
    3⤵
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-78k66s.rrs5f.jpg"
      4⤵
      PID:4888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ak23hd.lgfeo.jpg" "
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ak23hd.lgfeo.jpg"
      4⤵
      PID:4296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-kfjhpa.1yrl.jpg" "
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-kfjhpa.1yrl.jpg"
      4⤵
      PID:2524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-t0bp5b.a1rb.jpg" "
    3⤵
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-t0bp5b.a1rb.jpg"
      4⤵
      PID:956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-rwzzik.ebmw.jpg" "
    3⤵
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-rwzzik.ebmw.jpg"
      4⤵
      PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1018gm4.mb6g.jpg" "
    3⤵
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1018gm4.mb6g.jpg"
      4⤵
      PID:2484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-pnbt6b.cf96k.jpg" "
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-pnbt6b.cf96k.jpg"
      4⤵
      PID:3252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11m7rg5.9lww.jpg" "
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11m7rg5.9lww.jpg"
      4⤵
      PID:968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m9n28k.z1wp.jpg" "
    3⤵
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m9n28k.z1wp.jpg"
      4⤵
      PID:5008
- - C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
    "C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qq3l2o.10fm.jpg" "
    3⤵
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qq3l2o.10fm.jpg"
      4⤵
      PID:4828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ye7lw8.sw6gh.jpg" "
    3⤵
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ye7lw8.sw6gh.jpg"
      4⤵
      PID:2860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1j6335r.eljc.jpg" "
    3⤵
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1j6335r.eljc.jpg"
      4⤵
      PID:1768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h1pslh.3jj6f.jpg" "
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h1pslh.3jj6f.jpg"
      4⤵
      PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1s9i7ul.ssd0h.jpg" "
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1s9i7ul.ssd0h.jpg"
      4⤵
      PID:4320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-7abjpi.vx9di.jpg" "
    3⤵
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-7abjpi.vx9di.jpg"
      4⤵
      PID:4536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tn86xv.kha7.jpg" "
    3⤵
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tn86xv.kha7.jpg"
      4⤵
      PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15l14nb.35ee.jpg" "
    3⤵
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15l14nb.35ee.jpg"
      4⤵
      PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18g8khf.ze03.jpg" "
    3⤵
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18g8khf.ze03.jpg"
      4⤵
      PID:2520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-aix2ch.173b.jpg" "
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-aix2ch.173b.jpg"
      4⤵
      PID:3152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-160t8h2.bi5cl.jpg" "
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-160t8h2.bi5cl.jpg"
      4⤵
      PID:4780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dej18m.n2nte.jpg" "
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dej18m.n2nte.jpg"
      4⤵
      PID:2484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1op54vw.zvqml.jpg" "
    3⤵
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1op54vw.zvqml.jpg"
      4⤵
      PID:3392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ushp1l.x0pv.jpg" "
    3⤵
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ushp1l.x0pv.jpg"
      4⤵
      PID:968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mho4b2.x5m1.jpg" "
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mho4b2.x5m1.jpg"
      4⤵
      PID:3552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8r0954.hkrc4.jpg" "
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8r0954.hkrc4.jpg"
      4⤵
      PID:2608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1o4acz0.u8ec.jpg" "
    3⤵
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1o4acz0.u8ec.jpg"
      4⤵
      PID:3716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-e0504r.qfh7m.jpg" "
    3⤵
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-e0504r.qfh7m.jpg"
      4⤵
      PID:1924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-90d40m.cv6pv.jpg" "
    3⤵
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-90d40m.cv6pv.jpg"
      4⤵
      PID:708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1pp8m8p.qkj5.jpg" "
    3⤵
    PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1pp8m8p.qkj5.jpg"
      4⤵
      PID:3516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-p9p00b.ew09.jpg" "
    3⤵
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-p9p00b.ew09.jpg"
      4⤵
      PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fys60q.jxknb.jpg" "
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fys60q.jxknb.jpg"
      4⤵
      PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w33ods.yei9.jpg" "
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w33ods.yei9.jpg"
      4⤵
      PID:2604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1458v5l.ov4z.jpg" "
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1458v5l.ov4z.jpg"
      4⤵
      PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18x3155.fiq5i.jpg" "
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18x3155.fiq5i.jpg"
      4⤵
      PID:536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8st5cu.rykaj.jpg" "
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8st5cu.rykaj.jpg"
      4⤵
      PID:840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1r5lnss.m682.jpg" "
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1r5lnss.m682.jpg"
      4⤵
      PID:3108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1y2olqa.b3c3.jpg" "
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1y2olqa.b3c3.jpg"
      4⤵
      PID:1168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10zvdx1.jpmn.jpg" "
    3⤵
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10zvdx1.jpmn.jpg"
      4⤵
      PID:3416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-r48ugh.t7bw.jpg" "
    3⤵
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-r48ugh.t7bw.jpg"
      4⤵
      PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-luxfmd.9lac.jpg" "
    3⤵
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-luxfmd.9lac.jpg"
      4⤵
      PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qcv4bk.ko5s.jpg" "
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qcv4bk.ko5s.jpg"
      4⤵
      PID:4732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-td1w28.ar1xs.jpg" "
    3⤵
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-td1w28.ar1xs.jpg"
      4⤵
      PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-vy248l.lixgr.jpg" "
    3⤵
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-vy248l.lixgr.jpg"
      4⤵
      PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-5rzyfx.9yagj.jpg" "
    3⤵
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-5rzyfx.9yagj.jpg"
      4⤵
      PID:1608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-v9jk8f.qhw7.jpg" "
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-v9jk8f.qhw7.jpg"
      4⤵
      PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ha51zd.yp59.jpg" "
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ha51zd.yp59.jpg"
      4⤵
      PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-190tn3a.tu08.jpg" "
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-190tn3a.tu08.jpg"
      4⤵
      PID:3612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-xzzfhu.lrr1.jpg" "
    3⤵
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
      screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-xzzfhu.lrr1.jpg"
      4⤵
      PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

Filesize
862B

MD5
f3ac7a0e31b9af1b495241eff29915ad

SHA1
286fe23eba741cd3fca3f3e9a919021946655392

SHA256
f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a

SHA512
b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

Download Submit
C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg

Filesize
82KB

MD5
49b2e129e5dcb0f589c703e186fdc579

SHA1
56dbe4783e34243b57813358cdd4018af190d911

SHA256
997769368730f7ffc2f54e12cebf2efcbbb4d7c5c41df62a40634323aba2ab4a

SHA512
8a55b55b7f3b2170bb8ea3b76af60961e4e8ce94ebd946f64d4dd8fcc53750b18be86ba9b522a27801532a35dfa9bd8274ac2e5e7940f3c2091ae640db387914

Download Submit
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\78199c5c-5a15-4a3b-9c67-c74c5d6f2539.tmp.node

Filesize
652KB

MD5
8982448cb4f28b82876befe6e8af25d1

SHA1
4d3b2fb5b42fc27c1ac9363003abc16ada188581

SHA256
78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38

SHA512
3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES753F.tmp

Filesize
1KB

MD5
edba54bccba7cab28cabe04b5778c5af

SHA1
3227e37d93b8b4e49bee2d88db6c78129f1b6d51

SHA256
fbefed34f207224e7bd701b01479fcefb84a14802a45484c50fb31927df40ace

SHA512
4fed08396fbd37f04b991937bcc76cbb8a42f37b8755efdf17a39c6e709b684b742e45bde65173466da609d3ead30b1f6ff3fd41b076ca0cc1a5ca24bad5206a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES75CC.tmp

Filesize
1KB

MD5
83bc4086608a2242aa664ec383810902

SHA1
972eebf0284c5ce8a02a45a14d80cfb1708a382b

SHA256
6a6ba0c5403172677646673382001db3eeb3dee258d5e54138ce76a8723d48db

SHA512
7e0ed5293c24786fb1c9ac8b96068a3143a71b15f36c1aaed056242479dfc7dc5006ba669fb70f67f7e76d219934a81b9487caeccae162ee6b11c726bf9cd10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

Filesize
240B

MD5
810ae82f863a5ffae14d3b3944252a4e

SHA1
5393e27113753191436b14f0cafa8acabcfe6b2a

SHA256
453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c

SHA512
2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

Filesize
231B

MD5
dec2be4f1ec3592cea668aa279e7cc9b

SHA1
327cf8ab0c895e10674e00ea7f437784bb11d718

SHA256
753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc

SHA512
81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\fab691c6-b8f9-471f-b9a9-8d4ee0da5607.tmp.node

Filesize
2.7MB

MD5
30af610789f7032760077d9c1197d0f3

SHA1
b57027046f9c7b3d4cda0aef5c8baa334b6fc339

SHA256
64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722

SHA512
457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\LICENSES.chromium.html

Filesize
5.2MB

MD5
27206d29e7a2d80ee16f7f02ee89fb0f

SHA1
3cf857751158907166f87ed03f74b40621e883ef

SHA256
2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab

SHA512
390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\Node-js.exe

Filesize
134.3MB

MD5
06295a324f405a3c7082f1fbadc35f1e

SHA1
513108b3aeb2ad8491c6dd1ad74d4711bc85b2f8

SHA256
80770adbb4d1c5d6736eb80e2aa0246965a76ea99517f0e1a77c16d0f0fc4957

SHA512
41205e55908be61c0bd81fe904710b88dfb1e37d06b1c48d5b66b16f4c52ce2101991f158da3fa228e9b5511cc30563fdf6329c75a4c49554ce294c5ca0d48c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
7dc7b2fb25544a613deaa08b05805d75

SHA1
2cb49bd3427534dbfe00c8929317346c2232a024

SHA256
11c431e680b512e215ea11b64489c865c29aef4c116afae99941712015260d07

SHA512
21c7bcf25a97012c23a58fbe896c5396e889cefd3370735d0d26d0e71eb7bde4b794ccfc56c75bbcf423e1380e3dc5943ac966ae96a57b98860bbbadc8b72996

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\libEGL.dll

Filesize
431KB

MD5
221921bf5e21a84382fe89d21b744356

SHA1
1b72a53fd663e73c3950d8b1c6140db3cdb6f78a

SHA256
175cd7579b98522229ff530789f351c5e052bc28691e75da2b696bea926100a4

SHA512
05d8b1b6c87a95be3c2f42268cc1dcb44db3595d86d45be31211486ee9355f05846d5d4964cd426de6772636348a0a1dd33716a2b2731ca02c451f3bf72fdbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\libGLESv2.dll

Filesize
7.5MB

MD5
368a951df457bbe926e384e452e2c42b

SHA1
3e8f89c4ccbc406824502f6cc0966e74ca8808a2

SHA256
47514cc1d5e169ac196113e795040d5d4f32bc382a1b05b0c9e429c428c7c3df

SHA512
799bf188e4128ed0e7291183a0070b71601dcc65a393f40f3e25d7c72f637cc820bd06affa1d109e056ef9c2cf20ab218af13da194dd1d183983bf9878df79fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\am.pak

Filesize
166KB

MD5
985be89267e0d559bffd4b66380e5e53

SHA1
fa33e9bbfff5a89dcc26f52634561e27c1cf0e05

SHA256
bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b

SHA512
7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ar.pak

Filesize
171KB

MD5
5209516dee9d9ce64854b70da199108c

SHA1
5797e37da5909e47e03d323abf884b573adf0840

SHA256
8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246

SHA512
0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\bg.pak

Filesize
182KB

MD5
7005e72419774fc1d78ba0718fca1b47

SHA1
bedcb1e0897a1a47a878bb820735d8e373a4b4f1

SHA256
2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d

SHA512
7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\bn.pak

Filesize
238KB

MD5
5670d1c74a07e5e9bb3853307ea2cfd7

SHA1
7cd7568d2bd4c64b8685bf17e3289afe923468b2

SHA256
706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a

SHA512
27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ca.pak

Filesize
115KB

MD5
5c5c2e574c8d51a61d9e58547d89b0df

SHA1
268d6a348c22616432191ae55bb8c34e039feac7

SHA256
4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73

SHA512
e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\cs.pak

Filesize
118KB

MD5
6310a8e1c7e8ca3a1611d78b4d67845b

SHA1
fa8cff4ec0b1cf3aca65e6745d9f31154dc48115

SHA256
10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e

SHA512
900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\da.pak

Filesize
108KB

MD5
42628b87e74b0a3a7cbce510f2ef674f

SHA1
c9fc502eac895690f4bd0bd3cd47b72819bfc342

SHA256
450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5

SHA512
ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\de.pak

Filesize
116KB

MD5
b48f5b846d1b32f8426255e8a03b4d20

SHA1
77272097e67ba495d73e3d82e3100237a1664fcc

SHA256
28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745

SHA512
07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\el.pak

Filesize
202KB

MD5
9d654962e91275c7538dabdb450a2f03

SHA1
3121a84f1035d7b44e4597ebe4857137b7172da6

SHA256
9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27

SHA512
0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\en-GB.pak

Filesize
95KB

MD5
dabd9d0434e128d6ae3feec3b2c2801e

SHA1
d7a25ac86c15f5d4a3b3d4b713a5302c5b385498

SHA256
dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835

SHA512
831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\es-419.pak

Filesize
113KB

MD5
7b45d7be08eed5dfee3d12f0b7e6111d

SHA1
e14d2e0861d42bc31ea778237f77fd71c5dd32c8

SHA256
263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c

SHA512
dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\es.pak

Filesize
115KB

MD5
2c8b6b9b30b62618c65237943c030e6a

SHA1
887717930c8d070f0ba965c8a215478653d3845f

SHA256
4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4

SHA512
b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\et.pak

Filesize
104KB

MD5
7c8be63adae41cfa46a1a614de18e842

SHA1
eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4

SHA256
0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be

SHA512
4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fa.pak

Filesize
163KB

MD5
00bc7a02631c7de396537ee08deeec7c

SHA1
063c897b59cd70955cee3ca27d8743a0989f0a86

SHA256
93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec

SHA512
cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fi.pak

Filesize
106KB

MD5
4215d02d92e1be2e182197a0bb87ef29

SHA1
005cc2d1ed5039fc34fc14270344ebc938760554

SHA256
22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb

SHA512
b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fil.pak

Filesize
118KB

MD5
919d0bae6d964906176cec8530c019ba

SHA1
ab41e78a91314608ffa0cec927b4e001b3833e4a

SHA256
851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa

SHA512
1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fr.pak

Filesize
124KB

MD5
9442fbfc2b150479f4836706313e42c2

SHA1
4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f

SHA256
01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87

SHA512
4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\gu.pak

Filesize
228KB

MD5
2e015f0ad58e22b8eaf60e4d727aa3a0

SHA1
dba0b894f32ad6507ea6a41917c0631f06f2c03e

SHA256
168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c

SHA512
3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\he.pak

Filesize
143KB

MD5
70de839caf5f0caeccc5a2b7dd438583

SHA1
aa4b932b2313bca859568d62e8c12f9249d7bb81

SHA256
66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479

SHA512
73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hi.pak

Filesize
236KB

MD5
361f04e0a4176ac478b7b7674779388c

SHA1
68b4e7a9a31e0f9450c856d073b8d03613ae9816

SHA256
95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c

SHA512
7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hr.pak

Filesize
113KB

MD5
7bee03725ba9ace3cb2aaf64cf0c26a2

SHA1
076f0ce744bad1cf242325d5b2378b501e069d38

SHA256
e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941

SHA512
1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hu.pak

Filesize
121KB

MD5
14d81146ec6e0ddf4b14fa7b2df372c3

SHA1
9c77f0f0c959f2cb21e283b352176596a77992fd

SHA256
588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568

SHA512
9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\id.pak

Filesize
103KB

MD5
d0517c1bf9a89e06ed2b510b9408e578

SHA1
71494250010ed09b55f3879488d4566808a8398b

SHA256
19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3

SHA512
20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\it.pak

Filesize
112KB

MD5
812115ccf85cb84b2ea167a16e16587b

SHA1
317e50a1c4c7d8c46554822b43a81a0d8237dfd6

SHA256
52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37

SHA512
5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ja.pak

Filesize
136KB

MD5
f8dcd5f1433d83464b44265449de812c

SHA1
47763205f105e19cadafdeb1cdec6f45001f2c58

SHA256
f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b

SHA512
76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\kn.pak

Filesize
260KB

MD5
acab21f3fafc58f1f42016f33d032158

SHA1
682f11e3c282724093179c85a7df7d0992495cd4

SHA256
8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f

SHA512
d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ko.pak

Filesize
114KB

MD5
95239fdef6e852df2d2e9d52dd99b622

SHA1
360be5e62ac4573ee1a6bfa7effbe245c039862d

SHA256
f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae

SHA512
0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\lt.pak

Filesize
123KB

MD5
6e6993270327064cad2ff0784f20585a

SHA1
924a2ce4fffee99f29cbee875cd5abab2e814888

SHA256
848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434

SHA512
f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\lv.pak

Filesize
123KB

MD5
e21a8a96d9f17e1f9e3ede2cb66eea9b

SHA1
e3f456b5d238ce2095e7a51a4250fe26c361bfdc

SHA256
1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090

SHA512
f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ml.pak

Filesize
274KB

MD5
7dabd95b96d90662432026c0a9ae1c22

SHA1
49eb49428d642bd906aed9b0b69870a843326efd

SHA256
50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5

SHA512
6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\mr.pak

Filesize
224KB

MD5
abcc39abc488cdbf73e44f53d74b15af

SHA1
982f12328342eddbacfbe45be577d839568c96e0

SHA256
5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54

SHA512
7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ms.pak

Filesize
106KB

MD5
53e8b7262db4c5b04ba5b39c07eddb32

SHA1
9cb8946966547630cee42de04eb8604e6bb5af86

SHA256
45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a

SHA512
c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\nb.pak

Filesize
105KB

MD5
bc1983b1c86badb361fe07031a93fa48

SHA1
5bd14d7d7a335dd6457377fc0eaed07a56c369e6

SHA256
229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d

SHA512
fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\nl.pak

Filesize
108KB

MD5
f1210067dc72e8c82444b2ad9a3f7897

SHA1
3cf8c6fcb93a5f79fe6190aa0551d673887125da

SHA256
d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9

SHA512
9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pl.pak

Filesize
119KB

MD5
31200d5726b3d1cfbe9ac3bc7138a389

SHA1
e82f0300046e7cc9ffa13223c11cbb94d62c0dc6

SHA256
74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3

SHA512
8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pt-BR.pak

Filesize
112KB

MD5
7f150a17a11d43e395f571dd23951d88

SHA1
f8b8d6f89f63d92f04156f2b44b36b6045fd3723

SHA256
72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9

SHA512
de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pt-PT.pak

Filesize
113KB

MD5
553594ab0e163c6375ebe75524095dec

SHA1
199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5

SHA256
bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df

SHA512
30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ro.pak

Filesize
116KB

MD5
06a36fa95702b38e749568037634828e

SHA1
9c584a9b7a0446fbc44bf5fecab71ab1312a592f

SHA256
833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b

SHA512
33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ru.pak

Filesize
184KB

MD5
12836eeb93367830b3b88b404449a3e7

SHA1
2e2f66213fcb0ce5dc170753b8c11f9d96917d1c

SHA256
f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf

SHA512
7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sk.pak

Filesize
120KB

MD5
9ce4e3abe9d948f6a89759d0ab188dba

SHA1
447e5c8803d0284c69ffb990ac0060adf93f4d25

SHA256
5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2

SHA512
78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sl.pak

Filesize
114KB

MD5
7a75fa0fd3ddd471cdf9b15d3b3860ca

SHA1
f07e3e136768501e69e76529011003bd45fcc0a4

SHA256
d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959

SHA512
e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sr.pak

Filesize
174KB

MD5
b2555a29076995ccf01580f0f1b2f766

SHA1
284ed665f078620afdd6c7d074a6f9e26dbef1dd

SHA256
6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0

SHA512
a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sv.pak

Filesize
105KB

MD5
03154d7a3c69ec91714c799b86267a1d

SHA1
8671e9672002c58581488416f2320005140adedf

SHA256
3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b

SHA512
0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sw.pak

Filesize
107KB

MD5
0dad65bd01e92ec4001c8377a3f6900a

SHA1
91353a816b6b1d0aa5bf5342b8f2bd430da57286

SHA256
702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892

SHA512
98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ta.pak

Filesize
271KB

MD5
7503d3994d48911a38370095f5c83ec8

SHA1
a98917d5de0cc237d226ad64792fc9840bec0a0a

SHA256
5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33

SHA512
d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\te.pak

Filesize
252KB

MD5
b5e9289d02b4963d292bbb4210e9ab5d

SHA1
48382ab36b77cbec280833f587450270b5080a85

SHA256
6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9

SHA512
eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\th.pak

Filesize
214KB

MD5
687a80e1cb637003c3e5f05d3f4b89b4

SHA1
1dfdc6cfa02fd1671cf39094ad4b93109bef48f6

SHA256
daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654

SHA512
30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\tr.pak

Filesize
110KB

MD5
a38eea92c514716b8ab019ab792bf541

SHA1
cae203c3ed63807d4f2d89333540556b5e92e161

SHA256
54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd

SHA512
835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\uk.pak

Filesize
185KB

MD5
6f2f1b073ccef426c7eb49362123f2d0

SHA1
048921ad0cba17256e9838257d9f47969cdf6172

SHA256
57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f

SHA512
cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\vi.pak

Filesize
131KB

MD5
a01c81f3bd56d52c205ce6742dfe52c7

SHA1
3d325a2885ca11cdf69d17d66fe5048bb0c8bf25

SHA256
8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f

SHA512
e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\zh-CN.pak

Filesize
97KB

MD5
376ef5a6f076a9757f58d7b10526eb73

SHA1
9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e

SHA256
f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6

SHA512
e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\zh-TW.pak

Filesize
96KB

MD5
3d230011248333ed6cee72f667c8df45

SHA1
4114f307a31516bb6309fa9fc2572722b8d93d24

SHA256
b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1

SHA512
442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources.pak

Filesize
5.6MB

MD5
f616d69f6e582582930d06c5c18f0f70

SHA1
fde8e2653f2a5317492105bcabeb3565faaf74de

SHA256
bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855

SHA512
492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar

Filesize
66.3MB

MD5
f6c6ad773f93816165c624116e9d3419

SHA1
c360da20299d5c3cc048b7779e7649ac4aa5326f

SHA256
a6424c4b281f19eb973d47083ad641ef45b534daea729215c8dbf5f89faa8d89

SHA512
01667b291a6bc1dd735efaf03ab0b0a6b0f00a698e15be905a0101620e8cdaf77d5afbf69b5c11baf5ba4d39b476ec5417ed35b815284f0fa8f198b890fb5b89

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

Filesize
350B

MD5
8951565428aa6644f1505edb592ab38f

SHA1
9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2

SHA256
8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83

SHA512
7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Filesize
3KB

MD5
d226502c9bf2ae0a7f029bd7930be88e

SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b

SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f

SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

Filesize
13KB

MD5
da0f40d84d72ae3e9324ad9a040a2e58

SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\snapshot_blob.bin

Filesize
48KB

MD5
dbe18c25f68d40444ea576a68e78a12e

SHA1
44453e3fa8400cbe6bb674adaaad4ea09dab0e14

SHA256
c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c

SHA512
7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\swiftshader\libEGL.dll

Filesize
445KB

MD5
e7dd19ed46c7a21d0101d1a5cc0fe39b

SHA1
89a51cd7d4c7a6f3dca571b24bce726568292ea1

SHA256
d8d1b787de2e2dae70ebb21dadf734dd11ceac03f9a873c911f4b2e2477b745c

SHA512
921f276efa055eb4136572e889e7741bd3fd776065f70495d6ede7d1cdf0cc933c67f9eec82bd5a5d30f77ec8bfce83f46d00e65ba1488ff95ee38004567105c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.0MB

MD5
f6fc51755690e7ae2380d7606c0303bf

SHA1
aa98430be7f0591b054b52db556d032c5e8dae3b

SHA256
7747ba44a1caa758106d3a2a67438933cca7e7ede2d564c2fa7be2b11b206506

SHA512
7974b4f1c64d512d0769e8d991b30a28697d561dd0e20927835059459a6f14d3ee5b04a7454e744481f10b1281a5b6b3091adb3212b59527528a35e05c57fa78

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\v8_context_snapshot.bin

Filesize
160KB

MD5
89f5b9dc2c1eccfce7c3681b8066125f

SHA1
273175d93ae554da7f63a6475426a6515d0c8cd1

SHA256
7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91

SHA512
469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vk_swiftshader.dll

Filesize
4.3MB

MD5
679bbc7de5f8fccc8f68d1fc5d5d3156

SHA1
5dbe2043d1108f273c7f84d31183c01cb3e12624

SHA256
5ab2d9f61fc256b398b80a6223aa187041525b0891c36a9fe64bdc6e37c0bc55

SHA512
12b8d60d5debfc5c7281eb2a3b296d13c8a0254286f81321640dbc526ab00435a719691e755df5706b00a79d06f825b19968ba699ac72031a69dfabbdc95ff63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vulkan-1.dll

Filesize
715KB

MD5
16cd9deb27a902f758d72f5fe3bfa94a

SHA1
b5209cf5493b1c7f93ee4cafea5586ae7ca3aa93

SHA256
a2c6fc4251700f4e5129d5363df8c69a43dff6d46dad61d76b9e75209eeab11a

SHA512
82a31cb2a93bd1fe317ef7a7d15b61ad02dfd636629f1e156e6b0ae81218218a1184d83512f0b549b1baae32c7845b7265b5b69094bb12c90cd2bb61a1a34570

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Filesize
12KB

MD5
3f7beb165cfd632bbf67257850340b95

SHA1
16bb38f80886327e4cb594a3457e55a270a407a5

SHA256
47faed1e273b06078dbf48c95d97276f73147e9353f17f4e248cda81c8527dfc

SHA512
98d516bd25bc7c613770a4de73434e4b82eb3cbe27370f3da92d30cab4982075943eb2dcff43575ff0c23c3c4997f7b7407474345cee21b768382090c96b765c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC505355FEFCDB4D6AB2A43534D708270.TMP

Filesize
1KB

MD5
a6f2d21624678f54a2abed46e9f3ab17

SHA1
a2a6f07684c79719007d434cbd1cd2164565734a

SHA256
ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

SHA512
0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

Download Submit
memory/768-824-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/768-827-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/888-685-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/888-680-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/996-760-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1228-803-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1228-799-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1344-759-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1344-816-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1356-858-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1472-568-0x00007FF9E3FD0000-0x00007FF9E3FD1000-memory.dmp

Filesize
4KB

Download
memory/1472-741-0x000002B512010000-0x000002B5120BD000-memory.dmp

Filesize
692KB

Download
memory/1544-872-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1544-869-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/1796-862-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2228-781-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2228-716-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2336-817-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2340-833-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2452-737-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2452-839-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2452-798-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2452-842-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2616-754-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2616-693-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2620-761-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2620-696-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2684-780-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/2684-729-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3020-1807-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1805-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1806-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1798-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1802-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1803-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1796-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1797-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1808-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3020-1804-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Filesize
4KB

Download
memory/3120-660-0x0000000000A90000-0x0000000000A9A000-memory.dmp

Filesize
40KB

Download
memory/3120-732-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3120-666-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3228-835-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3508-750-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3536-846-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3536-795-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-822-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-821-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-783-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-724-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-868-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3700-679-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3700-675-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3728-854-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3728-809-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3860-763-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/3860-701-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4156-867-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4300-775-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4316-847-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4368-829-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4368-774-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4552-852-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4552-849-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4572-768-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4572-710-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4572-762-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4572-707-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4676-797-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4676-790-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4692-859-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4692-812-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4740-787-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4740-782-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4844-805-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download
memory/4844-749-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

Filesize
10.8MB

Download