Malware Analysis Report

2024-11-30 03:30

Sample ID 240408-n8lmvsgf92
Target Node-js.exe
SHA256 79ae38d3832ab7d48543039eff6078538465eb83d8fbb124db2e319295ab5e68
Tags
epsilon persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

79ae38d3832ab7d48543039eff6078538465eb83d8fbb124db2e319295ab5e68

Threat Level: Known bad

The file Node-js.exe was found to be: Known bad.

Malicious Activity Summary

epsilon persistence spyware stealer

Epsilon Stealer

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Adds Run key to start application

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: CmdExeWriteProcessMemorySpam

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates processes with tasklist

Modifies Internet Explorer settings

Detects videocard installed

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 12:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20231215-en

Max time kernel

91s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 85.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

121s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

Signatures

Epsilon Stealer

stealer epsilon

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4060 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 4060 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2932 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 1344 wrote to memory of 4560 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 1344 wrote to memory of 4560 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2932 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2932 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2932 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2932 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2932 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2932 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 1516 wrote to memory of 3388 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1516 wrote to memory of 3388 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1848 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 1848 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 4792 wrote to memory of 2860 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 4792 wrote to memory of 2860 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Conhost.exe
PID 2932 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2932 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 864 wrote to memory of 2076 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 864 wrote to memory of 2076 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=2080 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-3gae49.9t45r.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES753F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC505355FEFCDB4D6AB2A43534D708270.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES75CC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC744C3DDCD4C544518E7AC87140573CE4.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15d7wam.zu2aj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15d7wam.zu2aj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c0yfe1.vx5n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c0yfe1.vx5n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ckz9a.7zc4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ckz9a.7zc4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-zpkorb.fxmo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-zpkorb.fxmo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1geqkqe.lnej.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1geqkqe.lnej.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jmx90q.nr5p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jmx90q.nr5p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13409v6.54ra.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13409v6.54ra.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ur7wba.bt3r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ur7wba.bt3r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ayp28c.d4u1k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ayp28c.d4u1k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8eddbj.8h8u7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8eddbj.8h8u7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fnkkco.udugi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fnkkco.udugi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15v46sm.41avl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15v46sm.41avl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12oxt1s.g0fg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-52aez.5m6kc3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12oxt1s.g0fg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-52aez.5m6kc3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1td0m2p.rwzvg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1td0m2p.rwzvg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15y4c8p.hiwh.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-h9kccm.1mn6j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15y4c8p.hiwh.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-h9kccm.1mn6j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wspw3i.t3pk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-twgn5x.3siir.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wspw3i.t3pk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-twgn5x.3siir.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-nns49f.vwhp.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-hb7ria.sydpa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-hb7ria.sydpa.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-nns49f.vwhp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-krpxdw.y1xdl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-krpxdw.y1xdl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-vp8u8e.zxxyl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-vp8u8e.zxxyl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xbe83n.kobv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xbe83n.kobv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12h6c5f.hgn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12h6c5f.hgn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u1jhob.yo13.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u1jhob.yo13.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ey82.6bk31.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ey82.6bk31.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-w860cg.eo7pp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-w860cg.eo7pp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jmjogk.rh6sc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jmjogk.rh6sc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p4wtzy.m9cek.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p4wtzy.m9cek.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fqx9hd.ttnn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fqx9hd.ttnn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rg1uyt.zy3g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rg1uyt.zy3g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-qt8n7i.34yjj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-qt8n7i.34yjj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-14p4i7i.ats8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-14p4i7i.ats8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sck1m1.a6t2l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sck1m1.a6t2l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dycvbi.lmsc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dycvbi.lmsc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18cs97c.gkmi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18cs97c.gkmi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-668pko.d2vdw.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-668pko.d2vdw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-9swaxi.direq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-9swaxi.direq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-3asdq6.4hyec.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-3asdq6.4hyec.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e3f0vt.gstl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e3f0vt.gstl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19ngp4o.t47l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19ngp4o.t47l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1oc9xg3.yih4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1oc9xg3.yih4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-igkcxr.y1k9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-igkcxr.y1k9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cp68a1.w9s4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cp68a1.w9s4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-135ioqp.6pzn.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-135ioqp.6pzn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cajjfe.5gd3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cajjfe.5gd3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-a83ocw.kyeq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-a83ocw.kyeq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-188m6gc.b68tl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-188m6gc.b68tl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1dnisk3.qu7rk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1dnisk3.qu7rk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d9yrll.8epui.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d9yrll.8epui.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13gfggr.p116.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13gfggr.p116.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k4pdd8.r6t7k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k4pdd8.r6t7k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fhxmg8.9y6bk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fhxmg8.9y6bk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16n60uh.b4xcg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16n60uh.b4xcg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18q6fxb.ozze.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18q6fxb.ozze.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ly3wj.5btj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ly3wj.5btj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tu43os.sgp9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tu43os.sgp9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-xkixw9.c3mxl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-xkixw9.c3mxl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-tcrpx5.w020t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-tcrpx5.w020t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gospy3.5e5vt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gospy3.5e5vt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1puoxef.1k3e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1puoxef.1k3e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mugz8u.orvy.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mugz8u.orvy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jf2jrv.jx4d.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jf2jrv.jx4d.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ioxw2q.wja8.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ioxw2q.wja8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ot4w7.dmk8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ot4w7.dmk8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13kchp1.5g0y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13kchp1.5g0y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-caym2z.60lde.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-caym2z.60lde.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-doehpk.33mue.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-doehpk.33mue.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-isdigu.ao38n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-isdigu.ao38n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ii7ae9.mawif.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ii7ae9.mawif.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10isx6u.a6g6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10isx6u.a6g6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nn6be8.t243.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nn6be8.t243.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-m6a7ue.hhv6b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-m6a7ue.hhv6b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ts3nxh.kx3n8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ts3nxh.kx3n8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fkl6pn.rgsn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fkl6pn.rgsn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-6asebt.hmn23.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-6asebt.hmn23.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f8whtc.owkz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f8whtc.owkz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-mbuk1p.zqyke.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-mbuk1p.zqyke.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-x7yx4v.vi9e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-x7yx4v.vi9e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t96niy.uv5x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t96niy.uv5x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13rwf8o.lziz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13rwf8o.lziz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2dtpz.eoso.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2dtpz.eoso.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fb9gcv.c703b.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fb9gcv.c703b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-68vfpa.w57cb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-68vfpa.w57cb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cyn31g.jjspk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cyn31g.jjspk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fpvwhp.n7n9i.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fpvwhp.n7n9i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-skaehp.924cp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-skaehp.924cp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xqwhk.p5pu.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xqwhk.p5pu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1msl9nm.7tzb.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1msl9nm.7tzb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1b93k55.b0cr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1b93k55.b0cr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qpsju9.l5xe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qpsju9.l5xe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-scnvi5.edrk.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-scnvi5.edrk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10s7hfm.ewil.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10s7hfm.ewil.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d6q4rs.y9b2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d6q4rs.y9b2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fuwobj.dsw8.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fuwobj.dsw8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qlhsyd.g71g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qlhsyd.g71g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18b6vey.m32v.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18b6vey.m32v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-qlxmpw.m3q8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-qlxmpw.m3q8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m5opic.m4xv.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m5opic.m4xv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-m35p50.t2v68.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-m35p50.t2v68.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c8u5bc.r67a.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c8u5bc.r67a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bf55ef.ngazr.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bf55ef.ngazr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bp0j1a.v2omf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bp0j1a.v2omf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sjjsuw.4sjjf.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sjjsuw.4sjjf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-hnjjej.6rh6b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-hnjjej.6rh6b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jqge9s.rdzc.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jqge9s.rdzc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ex9f2e.f7ov.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ex9f2e.f7ov.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-l9kov.fk863l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-l9kov.fk863l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ppvtg4.6r0i.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ppvtg4.6r0i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yn82me.loig.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yn82me.loig.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ohdl9v.6n7j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ohdl9v.6n7j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11t4ehr.a23q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11t4ehr.a23q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p6i4v0.i23v.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p6i4v0.i23v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xf8x0.h1ex.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xf8x0.h1ex.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-k06pgk.radg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-k06pgk.radg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-y62cdq.gsl9c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-y62cdq.gsl9c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-85df19.ro86m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-85df19.ro86m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-wqqwpt.y9rh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-wqqwpt.y9rh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-btp3t0.isdaa.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-btp3t0.isdaa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1leucyt.xg2o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1leucyt.xg2o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ocplk8.dxun.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ocplk8.dxun.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-86awi1.p30j6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-86awi1.p30j6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1swq8uf.pzjv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1swq8uf.pzjv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p2d26q.3l14.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p2d26q.3l14.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-iitlnz.grigl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-iitlnz.grigl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19i7dyu.o0sz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19i7dyu.o0sz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-17s92if.3rv1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-17s92if.3rv1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1kgi1uu.f82vk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1kgi1uu.f82vk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wgid6p.3vqp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wgid6p.3vqp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-scz54o.xfsr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-scz54o.xfsr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gli3q3.7wae.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gli3q3.7wae.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-wsis7w.2t6k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-wsis7w.2t6k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18kft1z.8udwl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18kft1z.8udwl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-158ri4l.cd1g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-158ri4l.cd1g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16du1qy.jjyy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16du1qy.jjyy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xz34rl.nvx3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xz34rl.nvx3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-i1cfgs.w4hpo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-i1cfgs.w4hpo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-5zrdci.bzil6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-5zrdci.bzil6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sm1t2x.jjuo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sm1t2x.jjuo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-z3houf.gddg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-z3houf.gddg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1aknqlf.y3pi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1aknqlf.y3pi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1743pmu.jmqj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1743pmu.jmqj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cl91k8.b1bdk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cl91k8.b1bdk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-4xhs98.g33na.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-4xhs98.g33na.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13ghy02.uyh6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13ghy02.uyh6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2yhc2.hmax.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2yhc2.hmax.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1skvqgk.gcmu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1skvqgk.gcmu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-k5jqkf.cl3n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-k5jqkf.cl3n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-7nzzi0.itgj2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-7nzzi0.itgj2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16sk3o3.fv6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16sk3o3.fv6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18ye3bc.8lru.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18ye3bc.8lru.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bjqv53.reza.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bjqv53.reza.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-147i4ok.e6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-147i4ok.e6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-y9bb7m.mec6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-y9bb7m.mec6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n8gqrv.hhlc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n8gqrv.hhlc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-l8y4at.l1gz8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-l8y4at.l1gz8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u9bpin.aj7b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u9bpin.aj7b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d2z50m.h0dz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d2z50m.h0dz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jqu6gj.0rwv7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jqu6gj.0rwv7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-9sh4mi.1rddg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-9sh4mi.1rddg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bopeal.zbono.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bopeal.zbono.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-s3ime1.5jpb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-s3ime1.5jpb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mgma7w.tkcc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mgma7w.tkcc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cn2m9e.g47p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cn2m9e.g47p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jydrhx.6arqo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jydrhx.6arqo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-mg62r5.lq7o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-mg62r5.lq7o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19sxnj9.6k1bf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19sxnj9.6k1bf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xwx0rh.1lp5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xwx0rh.1lp5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d36evx.21vl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d36evx.21vl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-b64zif.mwz3i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-b64zif.mwz3i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t6mi1x.jlev.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t6mi1x.jlev.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1txfl9b.ee8i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1txfl9b.ee8i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wsw78.54zk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wsw78.54zk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1lmjmm.gsnsn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1lmjmm.gsnsn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-saddqm.nr11.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-saddqm.nr11.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yvzj9b.lakv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yvzj9b.lakv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n214t9.p0knl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n214t9.p0knl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12d4kec.veso.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12d4kec.veso.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-o8hus4.kuuud.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-o8hus4.kuuud.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-r90ltr.cbv6f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-r90ltr.cbv6f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e9zr41.po0jh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e9zr41.po0jh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-q8oto.9qr6b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-q8oto.9qr6b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rd7t7s.x63v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rd7t7s.x63v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dq7ank.ftg8e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dq7ank.ftg8e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1saoqjq.9n93.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1saoqjq.9n93.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1g89iae.ziuf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1g89iae.ziuf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sdl4e4.ijntj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sdl4e4.ijntj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-zmx2ut.5sk6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-zmx2ut.5sk6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-14y8pgs.hmo9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-14y8pgs.hmo9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-v8ex1j.tnlr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-v8ex1j.tnlr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-rmlypu.5mltr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-rmlypu.5mltr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ibujs3.3ifxm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ibujs3.3ifxm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gaq3w7.97vqq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gaq3w7.97vqq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gohp57.v9qtj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gohp57.v9qtj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vpt4vb.uxs2g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vpt4vb.uxs2g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-tbqr0h.rse9i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-tbqr0h.rse9i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qps6ww.fibm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qps6ww.fibm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k3rkas.3pim.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k3rkas.3pim.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16qj61x.gc0bi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16qj61x.gc0bi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bihmuv.4ba6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bihmuv.4ba6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e948w9.avu3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e948w9.avu3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sz7mjx.mje2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sz7mjx.mje2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-w1l6xp.4nma.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-w1l6xp.4nma.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f2yb7r.6gxi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f2yb7r.6gxi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1uve92t.snpw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1uve92t.snpw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-pxpb8p.rdo5l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-pxpb8p.rdo5l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1im0bma.broy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1im0bma.broy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gan3uv.50hf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gan3uv.50hf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gl3c7g.d7u95.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gl3c7g.d7u95.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t4rj6g.ijd7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t4rj6g.ijd7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-17wy0tb.hlrs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-17wy0tb.hlrs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-4fj3ef.05gb6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-4fj3ef.05gb6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nqpw26.uuik.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nqpw26.uuik.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-egbcuy.hugb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-egbcuy.hugb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w6q69a.xr16.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w6q69a.xr16.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vljwx1.2r67.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vljwx1.2r67.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1hd6w7h.kgh0j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1hd6w7h.kgh0j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-78k66s.rrs5f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-78k66s.rrs5f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ak23hd.lgfeo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ak23hd.lgfeo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-kfjhpa.1yrl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-kfjhpa.1yrl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-t0bp5b.a1rb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-t0bp5b.a1rb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-rwzzik.ebmw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-rwzzik.ebmw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1018gm4.mb6g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1018gm4.mb6g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-pnbt6b.cf96k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-pnbt6b.cf96k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11m7rg5.9lww.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11m7rg5.9lww.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m9n28k.z1wp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m9n28k.z1wp.jpg"

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qq3l2o.10fm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qq3l2o.10fm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ye7lw8.sw6gh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ye7lw8.sw6gh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1j6335r.eljc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1j6335r.eljc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h1pslh.3jj6f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h1pslh.3jj6f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1s9i7ul.ssd0h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1s9i7ul.ssd0h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-7abjpi.vx9di.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-7abjpi.vx9di.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tn86xv.kha7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tn86xv.kha7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15l14nb.35ee.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15l14nb.35ee.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18g8khf.ze03.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18g8khf.ze03.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-aix2ch.173b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-aix2ch.173b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-160t8h2.bi5cl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-160t8h2.bi5cl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dej18m.n2nte.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dej18m.n2nte.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1op54vw.zvqml.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1op54vw.zvqml.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ushp1l.x0pv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ushp1l.x0pv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mho4b2.x5m1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mho4b2.x5m1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8r0954.hkrc4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8r0954.hkrc4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1o4acz0.u8ec.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1o4acz0.u8ec.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-e0504r.qfh7m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-e0504r.qfh7m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-90d40m.cv6pv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-90d40m.cv6pv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1pp8m8p.qkj5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1pp8m8p.qkj5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-p9p00b.ew09.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-p9p00b.ew09.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fys60q.jxknb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fys60q.jxknb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w33ods.yei9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w33ods.yei9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1458v5l.ov4z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1458v5l.ov4z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18x3155.fiq5i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18x3155.fiq5i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8st5cu.rykaj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8st5cu.rykaj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1r5lnss.m682.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1r5lnss.m682.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1y2olqa.b3c3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1y2olqa.b3c3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10zvdx1.jpmn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10zvdx1.jpmn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-r48ugh.t7bw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-r48ugh.t7bw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-luxfmd.9lac.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-luxfmd.9lac.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qcv4bk.ko5s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qcv4bk.ko5s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-td1w28.ar1xs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-td1w28.ar1xs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-vy248l.lixgr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-vy248l.lixgr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-5rzyfx.9yagj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-5rzyfx.9yagj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-v9jk8f.qhw7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-v9jk8f.qhw7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ha51zd.yp59.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ha51zd.yp59.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-190tn3a.tu08.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-190tn3a.tu08.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-xzzfhu.lrr1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-xzzfhu.lrr1.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 119.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 whoevenareyou.equi-hosting.fr tcp
US 188.114.96.2:443 tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\chrome_100_percent.pak

MD5 0fd0a948532d8c353c7227ae69ed7800
SHA1 c6679bfb70a212b6bc570cbdf3685946f8f9464c
SHA256 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf
SHA512 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\chrome_200_percent.pak

MD5 1014a2ee8ee705c5a1a56cda9a8e72ee
SHA1 5492561fb293955f30e95a5f3413a14bca512c30
SHA256 ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57
SHA512 ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\ffmpeg.dll

MD5 7dc7b2fb25544a613deaa08b05805d75
SHA1 2cb49bd3427534dbfe00c8929317346c2232a024
SHA256 11c431e680b512e215ea11b64489c865c29aef4c116afae99941712015260d07
SHA512 21c7bcf25a97012c23a58fbe896c5396e889cefd3370735d0d26d0e71eb7bde4b794ccfc56c75bbcf423e1380e3dc5943ac966ae96a57b98860bbbadc8b72996

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\LICENSES.chromium.html

MD5 27206d29e7a2d80ee16f7f02ee89fb0f
SHA1 3cf857751158907166f87ed03f74b40621e883ef
SHA256 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
SHA512 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\libGLESv2.dll

MD5 368a951df457bbe926e384e452e2c42b
SHA1 3e8f89c4ccbc406824502f6cc0966e74ca8808a2
SHA256 47514cc1d5e169ac196113e795040d5d4f32bc382a1b05b0c9e429c428c7c3df
SHA512 799bf188e4128ed0e7291183a0070b71601dcc65a393f40f3e25d7c72f637cc820bd06affa1d109e056ef9c2cf20ab218af13da194dd1d183983bf9878df79fd

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\libEGL.dll

MD5 221921bf5e21a84382fe89d21b744356
SHA1 1b72a53fd663e73c3950d8b1c6140db3cdb6f78a
SHA256 175cd7579b98522229ff530789f351c5e052bc28691e75da2b696bea926100a4
SHA512 05d8b1b6c87a95be3c2f42268cc1dcb44db3595d86d45be31211486ee9355f05846d5d4964cd426de6772636348a0a1dd33716a2b2731ca02c451f3bf72fdbfd

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\icudtl.dat

MD5 224ba45e00bbbb237b34f0facbb550bf
SHA1 1b0f81da88149d9c610a8edf55f8f12a87ca67de
SHA256 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc
SHA512 c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\Node-js.exe

MD5 06295a324f405a3c7082f1fbadc35f1e
SHA1 513108b3aeb2ad8491c6dd1ad74d4711bc85b2f8
SHA256 80770adbb4d1c5d6736eb80e2aa0246965a76ea99517f0e1a77c16d0f0fc4957
SHA512 41205e55908be61c0bd81fe904710b88dfb1e37d06b1c48d5b66b16f4c52ce2101991f158da3fa228e9b5511cc30563fdf6329c75a4c49554ce294c5ca0d48c7

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources.pak

MD5 f616d69f6e582582930d06c5c18f0f70
SHA1 fde8e2653f2a5317492105bcabeb3565faaf74de
SHA256 bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855
SHA512 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\v8_context_snapshot.bin

MD5 89f5b9dc2c1eccfce7c3681b8066125f
SHA1 273175d93ae554da7f63a6475426a6515d0c8cd1
SHA256 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91
SHA512 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\snapshot_blob.bin

MD5 dbe18c25f68d40444ea576a68e78a12e
SHA1 44453e3fa8400cbe6bb674adaaad4ea09dab0e14
SHA256 c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c
SHA512 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vk_swiftshader.dll

MD5 679bbc7de5f8fccc8f68d1fc5d5d3156
SHA1 5dbe2043d1108f273c7f84d31183c01cb3e12624
SHA256 5ab2d9f61fc256b398b80a6223aa187041525b0891c36a9fe64bdc6e37c0bc55
SHA512 12b8d60d5debfc5c7281eb2a3b296d13c8a0254286f81321640dbc526ab00435a719691e755df5706b00a79d06f825b19968ba699ac72031a69dfabbdc95ff63

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vulkan-1.dll

MD5 16cd9deb27a902f758d72f5fe3bfa94a
SHA1 b5209cf5493b1c7f93ee4cafea5586ae7ca3aa93
SHA256 a2c6fc4251700f4e5129d5363df8c69a43dff6d46dad61d76b9e75209eeab11a
SHA512 82a31cb2a93bd1fe317ef7a7d15b61ad02dfd636629f1e156e6b0ae81218218a1184d83512f0b549b1baae32c7845b7265b5b69094bb12c90cd2bb61a1a34570

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\cs.pak

MD5 6310a8e1c7e8ca3a1611d78b4d67845b
SHA1 fa8cff4ec0b1cf3aca65e6745d9f31154dc48115
SHA256 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e
SHA512 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ca.pak

MD5 5c5c2e574c8d51a61d9e58547d89b0df
SHA1 268d6a348c22616432191ae55bb8c34e039feac7
SHA256 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73
SHA512 e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fa.pak

MD5 00bc7a02631c7de396537ee08deeec7c
SHA1 063c897b59cd70955cee3ca27d8743a0989f0a86
SHA256 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec
SHA512 cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\et.pak

MD5 7c8be63adae41cfa46a1a614de18e842
SHA1 eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4
SHA256 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be
SHA512 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\es.pak

MD5 2c8b6b9b30b62618c65237943c030e6a
SHA1 887717930c8d070f0ba965c8a215478653d3845f
SHA256 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4
SHA512 b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\lt.pak

MD5 6e6993270327064cad2ff0784f20585a
SHA1 924a2ce4fffee99f29cbee875cd5abab2e814888
SHA256 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434
SHA512 f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ko.pak

MD5 95239fdef6e852df2d2e9d52dd99b622
SHA1 360be5e62ac4573ee1a6bfa7effbe245c039862d
SHA256 f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae
SHA512 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\kn.pak

MD5 acab21f3fafc58f1f42016f33d032158
SHA1 682f11e3c282724093179c85a7df7d0992495cd4
SHA256 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f
SHA512 d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ja.pak

MD5 f8dcd5f1433d83464b44265449de812c
SHA1 47763205f105e19cadafdeb1cdec6f45001f2c58
SHA256 f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b
SHA512 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\it.pak

MD5 812115ccf85cb84b2ea167a16e16587b
SHA1 317e50a1c4c7d8c46554822b43a81a0d8237dfd6
SHA256 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37
SHA512 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\id.pak

MD5 d0517c1bf9a89e06ed2b510b9408e578
SHA1 71494250010ed09b55f3879488d4566808a8398b
SHA256 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3
SHA512 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hu.pak

MD5 14d81146ec6e0ddf4b14fa7b2df372c3
SHA1 9c77f0f0c959f2cb21e283b352176596a77992fd
SHA256 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568
SHA512 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hr.pak

MD5 7bee03725ba9ace3cb2aaf64cf0c26a2
SHA1 076f0ce744bad1cf242325d5b2378b501e069d38
SHA256 e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941
SHA512 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hi.pak

MD5 361f04e0a4176ac478b7b7674779388c
SHA1 68b4e7a9a31e0f9450c856d073b8d03613ae9816
SHA256 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c
SHA512 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\he.pak

MD5 70de839caf5f0caeccc5a2b7dd438583
SHA1 aa4b932b2313bca859568d62e8c12f9249d7bb81
SHA256 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479
SHA512 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\gu.pak

MD5 2e015f0ad58e22b8eaf60e4d727aa3a0
SHA1 dba0b894f32ad6507ea6a41917c0631f06f2c03e
SHA256 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c
SHA512 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fr.pak

MD5 9442fbfc2b150479f4836706313e42c2
SHA1 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f
SHA256 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87
SHA512 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fil.pak

MD5 919d0bae6d964906176cec8530c019ba
SHA1 ab41e78a91314608ffa0cec927b4e001b3833e4a
SHA256 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa
SHA512 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fi.pak

MD5 4215d02d92e1be2e182197a0bb87ef29
SHA1 005cc2d1ed5039fc34fc14270344ebc938760554
SHA256 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb
SHA512 b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\es-419.pak

MD5 7b45d7be08eed5dfee3d12f0b7e6111d
SHA1 e14d2e0861d42bc31ea778237f77fd71c5dd32c8
SHA256 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c
SHA512 dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\en-US.pak

MD5 214e2b52108bbde227209a00664d30a5
SHA1 e2ac97090a3935c8aa7aa466e87b67216284b150
SHA256 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab
SHA512 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\en-GB.pak

MD5 dabd9d0434e128d6ae3feec3b2c2801e
SHA1 d7a25ac86c15f5d4a3b3d4b713a5302c5b385498
SHA256 dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835
SHA512 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\el.pak

MD5 9d654962e91275c7538dabdb450a2f03
SHA1 3121a84f1035d7b44e4597ebe4857137b7172da6
SHA256 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27
SHA512 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\de.pak

MD5 b48f5b846d1b32f8426255e8a03b4d20
SHA1 77272097e67ba495d73e3d82e3100237a1664fcc
SHA256 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745
SHA512 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\da.pak

MD5 42628b87e74b0a3a7cbce510f2ef674f
SHA1 c9fc502eac895690f4bd0bd3cd47b72819bfc342
SHA256 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5
SHA512 ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\bn.pak

MD5 5670d1c74a07e5e9bb3853307ea2cfd7
SHA1 7cd7568d2bd4c64b8685bf17e3289afe923468b2
SHA256 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a
SHA512 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\bg.pak

MD5 7005e72419774fc1d78ba0718fca1b47
SHA1 bedcb1e0897a1a47a878bb820735d8e373a4b4f1
SHA256 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d
SHA512 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ar.pak

MD5 5209516dee9d9ce64854b70da199108c
SHA1 5797e37da5909e47e03d323abf884b573adf0840
SHA256 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246
SHA512 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\am.pak

MD5 985be89267e0d559bffd4b66380e5e53
SHA1 fa33e9bbfff5a89dcc26f52634561e27c1cf0e05
SHA256 bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b
SHA512 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\lv.pak

MD5 e21a8a96d9f17e1f9e3ede2cb66eea9b
SHA1 e3f456b5d238ce2095e7a51a4250fe26c361bfdc
SHA256 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090
SHA512 f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\mr.pak

MD5 abcc39abc488cdbf73e44f53d74b15af
SHA1 982f12328342eddbacfbe45be577d839568c96e0
SHA256 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54
SHA512 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ml.pak

MD5 7dabd95b96d90662432026c0a9ae1c22
SHA1 49eb49428d642bd906aed9b0b69870a843326efd
SHA256 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5
SHA512 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ms.pak

MD5 53e8b7262db4c5b04ba5b39c07eddb32
SHA1 9cb8946966547630cee42de04eb8604e6bb5af86
SHA256 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a
SHA512 c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\nb.pak

MD5 bc1983b1c86badb361fe07031a93fa48
SHA1 5bd14d7d7a335dd6457377fc0eaed07a56c369e6
SHA256 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d
SHA512 fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\nl.pak

MD5 f1210067dc72e8c82444b2ad9a3f7897
SHA1 3cf8c6fcb93a5f79fe6190aa0551d673887125da
SHA256 d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9
SHA512 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pl.pak

MD5 31200d5726b3d1cfbe9ac3bc7138a389
SHA1 e82f0300046e7cc9ffa13223c11cbb94d62c0dc6
SHA256 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3
SHA512 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pt-BR.pak

MD5 7f150a17a11d43e395f571dd23951d88
SHA1 f8b8d6f89f63d92f04156f2b44b36b6045fd3723
SHA256 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9
SHA512 de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pt-PT.pak

MD5 553594ab0e163c6375ebe75524095dec
SHA1 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5
SHA256 bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df
SHA512 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sk.pak

MD5 9ce4e3abe9d948f6a89759d0ab188dba
SHA1 447e5c8803d0284c69ffb990ac0060adf93f4d25
SHA256 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2
SHA512 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ru.pak

MD5 12836eeb93367830b3b88b404449a3e7
SHA1 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c
SHA256 f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf
SHA512 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ro.pak

MD5 06a36fa95702b38e749568037634828e
SHA1 9c584a9b7a0446fbc44bf5fecab71ab1312a592f
SHA256 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b
SHA512 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sl.pak

MD5 7a75fa0fd3ddd471cdf9b15d3b3860ca
SHA1 f07e3e136768501e69e76529011003bd45fcc0a4
SHA256 d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959
SHA512 e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sr.pak

MD5 b2555a29076995ccf01580f0f1b2f766
SHA1 284ed665f078620afdd6c7d074a6f9e26dbef1dd
SHA256 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0
SHA512 a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sw.pak

MD5 0dad65bd01e92ec4001c8377a3f6900a
SHA1 91353a816b6b1d0aa5bf5342b8f2bd430da57286
SHA256 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892
SHA512 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sv.pak

MD5 03154d7a3c69ec91714c799b86267a1d
SHA1 8671e9672002c58581488416f2320005140adedf
SHA256 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b
SHA512 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ta.pak

MD5 7503d3994d48911a38370095f5c83ec8
SHA1 a98917d5de0cc237d226ad64792fc9840bec0a0a
SHA256 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33
SHA512 d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\te.pak

MD5 b5e9289d02b4963d292bbb4210e9ab5d
SHA1 48382ab36b77cbec280833f587450270b5080a85
SHA256 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9
SHA512 eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\th.pak

MD5 687a80e1cb637003c3e5f05d3f4b89b4
SHA1 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6
SHA256 daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654
SHA512 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\vi.pak

MD5 a01c81f3bd56d52c205ce6742dfe52c7
SHA1 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25
SHA256 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f
SHA512 e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\uk.pak

MD5 6f2f1b073ccef426c7eb49362123f2d0
SHA1 048921ad0cba17256e9838257d9f47969cdf6172
SHA256 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f
SHA512 cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\tr.pak

MD5 a38eea92c514716b8ab019ab792bf541
SHA1 cae203c3ed63807d4f2d89333540556b5e92e161
SHA256 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd
SHA512 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\zh-CN.pak

MD5 376ef5a6f076a9757f58d7b10526eb73
SHA1 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e
SHA256 f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6
SHA512 e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\zh-TW.pak

MD5 3d230011248333ed6cee72f667c8df45
SHA1 4114f307a31516bb6309fa9fc2572722b8d93d24
SHA256 b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1
SHA512 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar

MD5 f6c6ad773f93816165c624116e9d3419
SHA1 c360da20299d5c3cc048b7779e7649ac4aa5326f
SHA256 a6424c4b281f19eb973d47083ad641ef45b534daea729215c8dbf5f89faa8d89
SHA512 01667b291a6bc1dd735efaf03ab0b0a6b0f00a698e15be905a0101620e8cdaf77d5afbf69b5c11baf5ba4d39b476ec5417ed35b815284f0fa8f198b890fb5b89

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 d226502c9bf2ae0a7f029bd7930be88e
SHA1 6be773fb30c7693b338f7c911b253e4f430c2f9b
SHA256 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
SHA512 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\swiftshader\libEGL.dll

MD5 e7dd19ed46c7a21d0101d1a5cc0fe39b
SHA1 89a51cd7d4c7a6f3dca571b24bce726568292ea1
SHA256 d8d1b787de2e2dae70ebb21dadf734dd11ceac03f9a873c911f4b2e2477b745c
SHA512 921f276efa055eb4136572e889e7741bd3fd776065f70495d6ede7d1cdf0cc933c67f9eec82bd5a5d30f77ec8bfce83f46d00e65ba1488ff95ee38004567105c

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 f6fc51755690e7ae2380d7606c0303bf
SHA1 aa98430be7f0591b054b52db556d032c5e8dae3b
SHA256 7747ba44a1caa758106d3a2a67438933cca7e7ede2d564c2fa7be2b11b206506
SHA512 7974b4f1c64d512d0769e8d991b30a28697d561dd0e20927835059459a6f14d3ee5b04a7454e744481f10b1281a5b6b3091adb3212b59527528a35e05c57fa78

C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\78199c5c-5a15-4a3b-9c67-c74c5d6f2539.tmp.node

MD5 8982448cb4f28b82876befe6e8af25d1
SHA1 4d3b2fb5b42fc27c1ac9363003abc16ada188581
SHA256 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38
SHA512 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b

memory/1472-568-0x00007FF9E3FD0000-0x00007FF9E3FD1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fab691c6-b8f9-471f-b9a9-8d4ee0da5607.tmp.node

MD5 30af610789f7032760077d9c1197d0f3
SHA1 b57027046f9c7b3d4cda0aef5c8baa334b6fc339
SHA256 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722
SHA512 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC505355FEFCDB4D6AB2A43534D708270.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES753F.tmp

MD5 edba54bccba7cab28cabe04b5778c5af
SHA1 3227e37d93b8b4e49bee2d88db6c78129f1b6d51
SHA256 fbefed34f207224e7bd701b01479fcefb84a14802a45484c50fb31927df40ace
SHA512 4fed08396fbd37f04b991937bcc76cbb8a42f37b8755efdf17a39c6e709b684b742e45bde65173466da609d3ead30b1f6ff3fd41b076ca0cc1a5ca24bad5206a

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 3f7beb165cfd632bbf67257850340b95
SHA1 16bb38f80886327e4cb594a3457e55a270a407a5
SHA256 47faed1e273b06078dbf48c95d97276f73147e9353f17f4e248cda81c8527dfc
SHA512 98d516bd25bc7c613770a4de73434e4b82eb3cbe27370f3da92d30cab4982075943eb2dcff43575ff0c23c3c4997f7b7407474345cee21b768382090c96b765c

memory/3120-660-0x0000000000A90000-0x0000000000A9A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RES75CC.tmp

MD5 83bc4086608a2242aa664ec383810902
SHA1 972eebf0284c5ce8a02a45a14d80cfb1708a382b
SHA256 6a6ba0c5403172677646673382001db3eeb3dee258d5e54138ce76a8723d48db
SHA512 7e0ed5293c24786fb1c9ac8b96068a3143a71b15f36c1aaed056242479dfc7dc5006ba669fb70f67f7e76d219934a81b9487caeccae162ee6b11c726bf9cd10f

memory/3120-666-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg

MD5 49b2e129e5dcb0f589c703e186fdc579
SHA1 56dbe4783e34243b57813358cdd4018af190d911
SHA256 997769368730f7ffc2f54e12cebf2efcbbb4d7c5c41df62a40634323aba2ab4a
SHA512 8a55b55b7f3b2170bb8ea3b76af60961e4e8ce94ebd946f64d4dd8fcc53750b18be86ba9b522a27801532a35dfa9bd8274ac2e5e7940f3c2091ae640db387914

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

MD5 f3ac7a0e31b9af1b495241eff29915ad
SHA1 286fe23eba741cd3fca3f3e9a919021946655392
SHA256 f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512 b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

memory/3700-675-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/888-680-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3700-679-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/888-685-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2616-693-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2620-696-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3860-701-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4572-710-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4572-707-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2228-716-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3668-724-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2684-729-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3120-732-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2452-737-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1472-741-0x000002B512010000-0x000002B5120BD000-memory.dmp

memory/4844-749-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3508-750-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2616-754-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1344-759-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/996-760-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2620-761-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4572-762-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3860-763-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4572-768-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4300-775-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4368-774-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2228-781-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4740-782-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3668-783-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2684-780-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4740-787-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4676-790-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3536-795-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4676-797-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2452-798-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1228-799-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1228-803-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4844-805-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3728-809-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4692-812-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1344-816-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2336-817-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3668-822-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3668-821-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/768-824-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/768-827-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4368-829-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2340-833-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3228-835-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2452-839-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/2452-842-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3536-846-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4316-847-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4552-849-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4552-852-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3728-854-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1356-858-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1796-862-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4692-859-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/4156-867-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3668-868-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1544-869-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/1544-872-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp

memory/3020-1796-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1798-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1797-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1803-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1802-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1805-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1804-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1807-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1806-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

memory/3020-1808-0x0000023360DF0000-0x0000023360DF1000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win7-20240319-en

Max time kernel

122s

Max time network

134s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

162s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
DE 216.58.206.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 42.206.58.216.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240215-en

Max time kernel

117s

Max time network

118s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

144s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 85.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 72.246.173.187:80 www.microsoft.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 187.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240221-en

Max time kernel

118s

Max time network

126s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 224

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240319-en

Max time kernel

29s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2968 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2968 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2968 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2968 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
PID 2400 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 2400 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe
PID 1736 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe
PID 1736 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe
PID 2400 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe C:\Windows\system32\conhost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1128,12790241130063352255,4611309582561463643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1128,12790241130063352255,4611309582561463643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1nsgefp.11jr.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-fuyfpt.9dbp.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hqyxy8.rrb4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kqjasl.9xcqd.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-19gifde.qba2.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1imhzz0.f3l.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-f1m00z.e1cdw.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1j4nbl5.oqu6.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-145dy2p.gq26g.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ngmtj5.lw6t.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ghery0.pbv1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1tqv1g0.8d2q.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wbin9s.to06.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-i61cc8.esks.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kxpmut.wem9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1aisms8.rs5rk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ivoyu7.n3p4.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "7123041801751793660-807559248469464351060127821509691080-1271640710840630956"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q9r5dx.3i4n.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iggk3o.ruts.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-e0zodq.b4a94.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-t8j58g.60t1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ml2nfa.flw8j.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pn61mx.nav9e.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1c6j7lu.cbhfg.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-184wdlq.py69.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-8h62qh.gjfc.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1w13rhm.eh83i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ueimz.22dib.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES417.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC6537DB1643F47B59A6B21FCBCE03D50.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES416.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC54D72BF2E614AC293559C353DF66B56.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES419.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC4959CC1197194516A614D36F525432D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-7q8fdd.moj3y.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dhlp3z.9zwp.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-owyhxr.w2qb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xh8f3y.srfy.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-uhljml.ko9yc.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hlj832.d0wa.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1nueos7.svoz.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES426.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC922C3FE169CD415CB7FEA05FE43990EA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES483.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC91D7BD9987441968435D341E33D5D2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES418.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC807148D6ED654492AA9E2435AE9F4F7.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES436.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5DBCD18A5D44DC3AB159283F0EBF02B.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hqyxy8.rrb4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-145dy2p.gq26g.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xh8f3y.srfy.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-uhljml.ko9yc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hlj832.d0wa.jpg"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES485.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEE6756CA40A84DB792FAA492E7773E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES484.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCD610A43B259C452BA0A4B8905E25B378.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES438.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC87F749F919204024A740D1486D48AE62.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1nueos7.svoz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf7gfo.r7xz.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES435.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5AF1006382294CBCA3835CE7291C5BF7.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES41A.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF346E41537E04C9680A3CE4D941A8A54.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES712.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF7359BD787C94F5493E323230341596.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES534.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF4916966466542CD8747FB696E9018E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB76.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF895896643D842D0A95C3B548C962D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES52F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC799E2862DC8C4EAD889044FABD7E15C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES533.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC2E1796C0DC294282B69187332E27D43.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F3.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC7F929C0DB6634AFB9971A7328E85F564.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES532.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5EEAA7A9E0B540FC8349E0259AC89453.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES530.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC3B03164C46C94D63BE6E34D1319FCA1.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES536.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC19D070C6B74745B4A9A16A3BA41E4C52.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES535.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC23C3E144DD5643C9B6D9254BF2B4F49.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES531.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC2B2EFEB267804F8892E131168746376C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97FA8B6D314ED19759BF43D4B5DEE6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEFE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCB7C6B3E319D44D1C9C2E36C5F8F887C4.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES439.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC3A40259858F40328FA991AAD66A361.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7DD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1BA0A6CBC1A448E9A569A41BD061F6E5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES437.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC10AECCE285BF4F8E99C1312C2DF6B99.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES657.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC66FD3D6521D445EBBF517FBD9BD7EC6F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA4D.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEF2D9CD93DB247CC939B995C4D60CEB8.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1249.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC64FC0E2CA18F4F12A445C6AFADEEC79C.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf7gfo.r7xz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1v27p9.zcmp1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-hjw3ou.4mp4h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1v27p9.zcmp1.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-hjw3ou.4mp4h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jav8qm.gty9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jav8qm.gty9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-8bggcs.xp36.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-8bggcs.xp36.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-19b0buc.zbji.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-19b0buc.zbji.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-4xctwf.wdac5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-4xctwf.wdac5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wjbzd.o0332.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wjbzd.o0332.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1myrp1k.78nc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1myrp1k.78nc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-dnlzuv.vgl0c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-dnlzuv.vgl0c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5tfrhf.jdqdi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5tfrhf.jdqdi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ox3n5l.4cba.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ox3n5l.4cba.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dn1y4g.miete.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pjlnxr.fmpyk.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-192g1p6.63ei.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q3xtfo.agjqf.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ztiu4a.cdne.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1odsmq7.qk6e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pjlnxr.fmpyk.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dn1y4g.miete.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ztiu4a.cdne.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q3xtfo.agjqf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1apztnm.sj6s.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-n5pjye.37ck.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1odsmq7.qk6e.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-192g1p6.63ei.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1apztnm.sj6s.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-n5pjye.37ck.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-azz05.3pzm98.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-azz05.3pzm98.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwym0y.xr3k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y5niov.odj5.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-g23ui8.d8hfp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwym0y.xr3k.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y5niov.odj5.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-g23ui8.d8hfp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-96gfrd.cm61h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-96gfrd.cm61h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6mjjmn.5sgbw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6mjjmn.5sgbw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-2m7fy8.7jo0b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-2m7fy8.7jo0b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-14o8g0p.73wh.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y8jsge.ppl2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-14o8g0p.73wh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-dvtlfg.h1rq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y8jsge.ppl2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qjcsil.kq8c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-dvtlfg.h1rq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l0kpx9.6hhb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a3m3o5.fw6x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a3m3o5.fw6x.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l0kpx9.6hhb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lm7lmy.z226.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qjcsil.kq8c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-13m8ssv.kipd.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-9m1m88.kvf1k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lm7lmy.z226.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-13m8ssv.kipd.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-9m1m88.kvf1k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-3czz9d.vny73.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-no5gjc.xbce.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y6ede4.hj5t.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rmwuxm.yi4g.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-p8unr.e4z8sf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-3czz9d.vny73.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y6ede4.hj5t.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-no5gjc.xbce.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kqru57.7wgb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pvk2ej.1zq1.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q2o9sh.fvy9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-p8unr.e4z8sf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rmwuxm.yi4g.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-kqru57.7wgb.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pvk2ej.1zq1.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q2o9sh.fvy9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1pjqe2n.ba4a.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-946gcm.dmg1p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1pjqe2n.ba4a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-epqm4x.09ep.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-n6mvt9.q0se.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jiebfi.6fqb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1g64ths.6ydd.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1mg97bi.hxn8k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ckk7t4.rixu.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-u42ko7.r56m.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lqblt0.ot8eh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-946gcm.dmg1p.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-epqm4x.09ep.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jiebfi.6fqb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-smqke0.arco.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-18wpjce.ys59.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kjmxi3.9g0ff.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-n6mvt9.q0se.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1g64ths.6ydd.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1mg97bi.hxn8k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iuwaxs.azu4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-u42ko7.r56m.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ckk7t4.rixu.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lqblt0.ot8eh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-qne95p.vss3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-18wpjce.ys59.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-aisnyv.ww4fo.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jc45nl.lzkg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kjmxi3.9g0ff.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iuwaxs.azu4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rqd98v.e021.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-smqke0.arco.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-qne95p.vss3.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-aisnyv.ww4fo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1clk6xo.yk3r.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-2x2phd.4yhnb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rqd98v.e021.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jc45nl.lzkg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1clk6xo.yk3r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vh5h2m.5gyhi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-2x2phd.4yhnb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jucjul.fqfmd.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qnd223.y4qc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vh5h2m.5gyhi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-tq75wb.uw52g.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-n7yf1v.qlwzf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qnd223.y4qc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-tq75wb.uw52g.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jucjul.fqfmd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gntsln.qsmf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-n7yf1v.qlwzf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ymatk2.zsv1k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-a6zb2o.wboje.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gntsln.qsmf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ymatk2.zsv1k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-19e1tro.devk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-a6zb2o.wboje.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-atbk1w.n3mh8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-19e1tro.devk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ktuvmc.hk07.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-atbk1w.n3mh8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-i88jmg.7c6n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ktuvmc.hk07.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-i88jmg.7c6n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1li6ykl.9wcih.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-yg0hra.o7r9h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1li6ykl.9wcih.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5in51e.1sg67.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-yg0hra.o7r9h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ajriqc.ikpth.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ajriqc.ikpth.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5in51e.1sg67.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a2s8q0.xefa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a2s8q0.xefa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-3v78d8.yv4in.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-3v78d8.yv4in.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xpaor.1jbcv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xpaor.1jbcv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jfcty2.ojc8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jfcty2.ojc8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-138av89.plt3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-138av89.plt3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-vnvgj6.h171.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-vnvgj6.h171.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u7twdg.p13nk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u7twdg.p13nk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-cif0pw.ckzjr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-cif0pw.ckzjr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ig7tow.48j4k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-yyydyn.93ijj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ig7tow.48j4k.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-yyydyn.93ijj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-qnv1dh.dhl5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-qnv1dh.dhl5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-i6k1xc.6743.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kvfro6.agyi8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-kvfro6.agyi8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-i6k1xc.6743.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k4p0n6.vtt7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k4p0n6.vtt7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-c9e257.jv3iw.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-xmyzb3.k8sm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-c9e257.jv3iw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qreve7.g9qa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-xmyzb3.k8sm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kfhrj5.tjt4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qreve7.g9qa.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kfhrj5.tjt4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-r8orc.te6is.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6tvq8z.jzkq8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-r8orc.te6is.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-16yn85e.vvx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6tvq8z.jzkq8.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-16yn85e.vvx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jipocp.5c81.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jipocp.5c81.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vdc9jx.igy4.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-uxf8w.4gueb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vdc9jx.igy4.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-uxf8w.4gueb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1akv25p.f8jp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1akv25p.f8jp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rma8p0.dz1r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rma8p0.dz1r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jx1wjv.r2f9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1toqkyl.hdqr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jx1wjv.r2f9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-o0hofw.zsfx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1toqkyl.hdqr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-9f5kc8.ilvv7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-o0hofw.zsfx.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-9f5kc8.ilvv7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1yjccgj.k3ee.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-wyxdn7.8ukg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gm0x9n.xe47.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1yjccgj.k3ee.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-wyxdn7.8ukg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gm0x9n.xe47.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5zctku.idn9k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5zctku.idn9k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vuwvqy.14h4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vuwvqy.14h4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vfucyt.4re9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12fvqjf.5sg7.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-omcocj.g7r4i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vfucyt.4re9.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12fvqjf.5sg7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-x0lsui.kpkq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-omcocj.g7r4i.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-x0lsui.kpkq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-r5t96.yhfp1j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-r5t96.yhfp1j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hf3nmy.i4fyi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hf3nmy.i4fyi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1r8yiis.ls85j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1r8yiis.ls85j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-84p56l.fwq6s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-84p56l.fwq6s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6knr10.go3qs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6knr10.go3qs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1d1dm25.hl2s.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wje4rl.2kep.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1d1dm25.hl2s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u039lh.oxbs.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12vfpri.zfw3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u039lh.oxbs.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wje4rl.2kep.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12vfpri.zfw3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-161pq7h.vmmzl.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1thd69c.4m2b.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-195c7ub.hfiv.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sxbqdr.kacy.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-qbqtw.tuo63.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5a6sj5.ome4h.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1f1hbv1.pymg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-13jbq6u.09a7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-195c7ub.hfiv.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-161pq7h.vmmzl.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5a6sj5.ome4h.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-qbqtw.tuo63.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1thd69c.4m2b.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sxbqdr.kacy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12hjtk7.h3tul.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-13jbq6u.09a7.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1f1hbv1.pymg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-j8q4qs.4yj2k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12hjtk7.h3tul.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sjc1n3.xha5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-j8q4qs.4yj2k.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sjc1n3.xha5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vo0uyl.9hnz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vo0uyl.9hnz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-14ng5jo.yip8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-14ng5jo.yip8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1bdaz6g.pml5.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xgf2px.tnfz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1bdaz6g.pml5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kx9bnc.0u5ja.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xgf2px.tnfz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-omnu1g.zxfbg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-kx9bnc.0u5ja.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5s3wnj.xwdv3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-omnu1g.zxfbg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5s3wnj.xwdv3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-og8015.44sea.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1766202373200984314-1281255737-783682891199741456720273591819738198471566194504"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6xwzho.mdaiq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-og8015.44sea.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-15izs8a.dt4zh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6xwzho.mdaiq.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-15izs8a.dt4zh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-wvyoz9.bsh8h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-wvyoz9.bsh8h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pc3dyp.rwja.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pc3dyp.rwja.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pzxvxd.yq55s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pzxvxd.yq55s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-bs895m.17uhp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-bs895m.17uhp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-15wkibm.lrre.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-15wkibm.lrre.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1doc07x.xi9h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1doc07x.xi9h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwh626.1klmq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwh626.1klmq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ss8op9.hmu3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ss8op9.hmu3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-iqbwfi.f256.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-iqbwfi.f256.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf0djr.ragk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf0djr.ragk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1fgrl7w.95z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1fgrl7w.95z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xtaa8s.hkby.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xtaa8s.hkby.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1n5sg1c.oy2y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1n5sg1c.oy2y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ctcirn.ktby.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ctcirn.ktby.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1247qi0.fdyw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1247qi0.fdyw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-txq657.tx0eb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-txq657.tx0eb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vtr0ha.xoe2l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vtr0ha.xoe2l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l4v7ol.z1qs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l4v7ol.z1qs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-dblbtg.7oshe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-dblbtg.7oshe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-27uuph.6ggv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-27uuph.6ggv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12ebkak.8mrk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12ebkak.8mrk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1cilljb.jy8w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1cilljb.jy8w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jju0g6.m2pqg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jju0g6.m2pqg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-63qrqz.n9c6d.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-63qrqz.n9c6d.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-gc6pxv.u3p4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-gc6pxv.u3p4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dkyuyk.dd2u.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dkyuyk.dd2u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-165ji9s.h4qx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-165ji9s.h4qx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6sg77f.axagh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6sg77f.axagh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1grm3xg.g3t7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1grm3xg.g3t7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-cpo4d4.16h8i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-cpo4d4.16h8i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-q4suxo.ngalc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-q4suxo.ngalc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1edxz7x.t3w7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1edxz7x.t3w7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-14cxdkm.in51.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-14cxdkm.in51.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ou0lc0.n3jq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ou0lc0.n3jq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5fdqk4.j5h3u.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5fdqk4.j5h3u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iynf32.apf9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iynf32.apf9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-gqnnbo.llgwg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-gqnnbo.llgwg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-e3go7m.3ya4s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-e3go7m.3ya4s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-f9tm54.sncgd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-f9tm54.sncgd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-11592zl.ymec.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-11592zl.ymec.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k8tnn5.q936.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k8tnn5.q936.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-116e2s6.c3vfj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-116e2s6.c3vfj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-sjkytw.5s2bc.jpg" "

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp

Files

\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\chrome_100_percent.pak

MD5 0fd0a948532d8c353c7227ae69ed7800
SHA1 c6679bfb70a212b6bc570cbdf3685946f8f9464c
SHA256 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf
SHA512 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\chrome_200_percent.pak

MD5 1014a2ee8ee705c5a1a56cda9a8e72ee
SHA1 5492561fb293955f30e95a5f3413a14bca512c30
SHA256 ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57
SHA512 ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\d3dcompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\ffmpeg.dll

MD5 7dc7b2fb25544a613deaa08b05805d75
SHA1 2cb49bd3427534dbfe00c8929317346c2232a024
SHA256 11c431e680b512e215ea11b64489c865c29aef4c116afae99941712015260d07
SHA512 21c7bcf25a97012c23a58fbe896c5396e889cefd3370735d0d26d0e71eb7bde4b794ccfc56c75bbcf423e1380e3dc5943ac966ae96a57b98860bbbadc8b72996

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\icudtl.dat

MD5 224ba45e00bbbb237b34f0facbb550bf
SHA1 1b0f81da88149d9c610a8edf55f8f12a87ca67de
SHA256 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc
SHA512 c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\libEGL.dll

MD5 221921bf5e21a84382fe89d21b744356
SHA1 1b72a53fd663e73c3950d8b1c6140db3cdb6f78a
SHA256 175cd7579b98522229ff530789f351c5e052bc28691e75da2b696bea926100a4
SHA512 05d8b1b6c87a95be3c2f42268cc1dcb44db3595d86d45be31211486ee9355f05846d5d4964cd426de6772636348a0a1dd33716a2b2731ca02c451f3bf72fdbfd

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\libGLESv2.dll

MD5 368a951df457bbe926e384e452e2c42b
SHA1 3e8f89c4ccbc406824502f6cc0966e74ca8808a2
SHA256 47514cc1d5e169ac196113e795040d5d4f32bc382a1b05b0c9e429c428c7c3df
SHA512 799bf188e4128ed0e7291183a0070b71601dcc65a393f40f3e25d7c72f637cc820bd06affa1d109e056ef9c2cf20ab218af13da194dd1d183983bf9878df79fd

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\LICENSES.chromium.html

MD5 27206d29e7a2d80ee16f7f02ee89fb0f
SHA1 3cf857751158907166f87ed03f74b40621e883ef
SHA256 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
SHA512 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\Node-js.exe

MD5 06295a324f405a3c7082f1fbadc35f1e
SHA1 513108b3aeb2ad8491c6dd1ad74d4711bc85b2f8
SHA256 80770adbb4d1c5d6736eb80e2aa0246965a76ea99517f0e1a77c16d0f0fc4957
SHA512 41205e55908be61c0bd81fe904710b88dfb1e37d06b1c48d5b66b16f4c52ce2101991f158da3fa228e9b5511cc30563fdf6329c75a4c49554ce294c5ca0d48c7

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\snapshot_blob.bin

MD5 dbe18c25f68d40444ea576a68e78a12e
SHA1 44453e3fa8400cbe6bb674adaaad4ea09dab0e14
SHA256 c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c
SHA512 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources.pak

MD5 f616d69f6e582582930d06c5c18f0f70
SHA1 fde8e2653f2a5317492105bcabeb3565faaf74de
SHA256 bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855
SHA512 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\v8_context_snapshot.bin

MD5 89f5b9dc2c1eccfce7c3681b8066125f
SHA1 273175d93ae554da7f63a6475426a6515d0c8cd1
SHA256 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91
SHA512 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\vk_swiftshader.dll

MD5 679bbc7de5f8fccc8f68d1fc5d5d3156
SHA1 5dbe2043d1108f273c7f84d31183c01cb3e12624
SHA256 5ab2d9f61fc256b398b80a6223aa187041525b0891c36a9fe64bdc6e37c0bc55
SHA512 12b8d60d5debfc5c7281eb2a3b296d13c8a0254286f81321640dbc526ab00435a719691e755df5706b00a79d06f825b19968ba699ac72031a69dfabbdc95ff63

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\vulkan-1.dll

MD5 16cd9deb27a902f758d72f5fe3bfa94a
SHA1 b5209cf5493b1c7f93ee4cafea5586ae7ca3aa93
SHA256 a2c6fc4251700f4e5129d5363df8c69a43dff6d46dad61d76b9e75209eeab11a
SHA512 82a31cb2a93bd1fe317ef7a7d15b61ad02dfd636629f1e156e6b0ae81218218a1184d83512f0b549b1baae32c7845b7265b5b69094bb12c90cd2bb61a1a34570

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\am.pak

MD5 985be89267e0d559bffd4b66380e5e53
SHA1 fa33e9bbfff5a89dcc26f52634561e27c1cf0e05
SHA256 bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b
SHA512 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ar.pak

MD5 5209516dee9d9ce64854b70da199108c
SHA1 5797e37da5909e47e03d323abf884b573adf0840
SHA256 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246
SHA512 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\bg.pak

MD5 7005e72419774fc1d78ba0718fca1b47
SHA1 bedcb1e0897a1a47a878bb820735d8e373a4b4f1
SHA256 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d
SHA512 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ca.pak

MD5 5c5c2e574c8d51a61d9e58547d89b0df
SHA1 268d6a348c22616432191ae55bb8c34e039feac7
SHA256 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73
SHA512 e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\bn.pak

MD5 5670d1c74a07e5e9bb3853307ea2cfd7
SHA1 7cd7568d2bd4c64b8685bf17e3289afe923468b2
SHA256 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a
SHA512 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\da.pak

MD5 42628b87e74b0a3a7cbce510f2ef674f
SHA1 c9fc502eac895690f4bd0bd3cd47b72819bfc342
SHA256 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5
SHA512 ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\cs.pak

MD5 6310a8e1c7e8ca3a1611d78b4d67845b
SHA1 fa8cff4ec0b1cf3aca65e6745d9f31154dc48115
SHA256 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e
SHA512 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\de.pak

MD5 b48f5b846d1b32f8426255e8a03b4d20
SHA1 77272097e67ba495d73e3d82e3100237a1664fcc
SHA256 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745
SHA512 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\el.pak

MD5 9d654962e91275c7538dabdb450a2f03
SHA1 3121a84f1035d7b44e4597ebe4857137b7172da6
SHA256 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27
SHA512 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\en-GB.pak

MD5 dabd9d0434e128d6ae3feec3b2c2801e
SHA1 d7a25ac86c15f5d4a3b3d4b713a5302c5b385498
SHA256 dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835
SHA512 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\en-US.pak

MD5 214e2b52108bbde227209a00664d30a5
SHA1 e2ac97090a3935c8aa7aa466e87b67216284b150
SHA256 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab
SHA512 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\es-419.pak

MD5 7b45d7be08eed5dfee3d12f0b7e6111d
SHA1 e14d2e0861d42bc31ea778237f77fd71c5dd32c8
SHA256 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c
SHA512 dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\es.pak

MD5 2c8b6b9b30b62618c65237943c030e6a
SHA1 887717930c8d070f0ba965c8a215478653d3845f
SHA256 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4
SHA512 b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\et.pak

MD5 7c8be63adae41cfa46a1a614de18e842
SHA1 eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4
SHA256 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be
SHA512 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fa.pak

MD5 00bc7a02631c7de396537ee08deeec7c
SHA1 063c897b59cd70955cee3ca27d8743a0989f0a86
SHA256 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec
SHA512 cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fi.pak

MD5 4215d02d92e1be2e182197a0bb87ef29
SHA1 005cc2d1ed5039fc34fc14270344ebc938760554
SHA256 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb
SHA512 b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fil.pak

MD5 919d0bae6d964906176cec8530c019ba
SHA1 ab41e78a91314608ffa0cec927b4e001b3833e4a
SHA256 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa
SHA512 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fr.pak

MD5 9442fbfc2b150479f4836706313e42c2
SHA1 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f
SHA256 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87
SHA512 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\gu.pak

MD5 2e015f0ad58e22b8eaf60e4d727aa3a0
SHA1 dba0b894f32ad6507ea6a41917c0631f06f2c03e
SHA256 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c
SHA512 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\he.pak

MD5 70de839caf5f0caeccc5a2b7dd438583
SHA1 aa4b932b2313bca859568d62e8c12f9249d7bb81
SHA256 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479
SHA512 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\hr.pak

MD5 7bee03725ba9ace3cb2aaf64cf0c26a2
SHA1 076f0ce744bad1cf242325d5b2378b501e069d38
SHA256 e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941
SHA512 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\hi.pak

MD5 361f04e0a4176ac478b7b7674779388c
SHA1 68b4e7a9a31e0f9450c856d073b8d03613ae9816
SHA256 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c
SHA512 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\hu.pak

MD5 14d81146ec6e0ddf4b14fa7b2df372c3
SHA1 9c77f0f0c959f2cb21e283b352176596a77992fd
SHA256 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568
SHA512 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\id.pak

MD5 d0517c1bf9a89e06ed2b510b9408e578
SHA1 71494250010ed09b55f3879488d4566808a8398b
SHA256 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3
SHA512 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\it.pak

MD5 812115ccf85cb84b2ea167a16e16587b
SHA1 317e50a1c4c7d8c46554822b43a81a0d8237dfd6
SHA256 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37
SHA512 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\kn.pak

MD5 acab21f3fafc58f1f42016f33d032158
SHA1 682f11e3c282724093179c85a7df7d0992495cd4
SHA256 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f
SHA512 d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ja.pak

MD5 f8dcd5f1433d83464b44265449de812c
SHA1 47763205f105e19cadafdeb1cdec6f45001f2c58
SHA256 f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b
SHA512 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ko.pak

MD5 95239fdef6e852df2d2e9d52dd99b622
SHA1 360be5e62ac4573ee1a6bfa7effbe245c039862d
SHA256 f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae
SHA512 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\lt.pak

MD5 6e6993270327064cad2ff0784f20585a
SHA1 924a2ce4fffee99f29cbee875cd5abab2e814888
SHA256 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434
SHA512 f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\lv.pak

MD5 e21a8a96d9f17e1f9e3ede2cb66eea9b
SHA1 e3f456b5d238ce2095e7a51a4250fe26c361bfdc
SHA256 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090
SHA512 f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ml.pak

MD5 7dabd95b96d90662432026c0a9ae1c22
SHA1 49eb49428d642bd906aed9b0b69870a843326efd
SHA256 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5
SHA512 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\mr.pak

MD5 abcc39abc488cdbf73e44f53d74b15af
SHA1 982f12328342eddbacfbe45be577d839568c96e0
SHA256 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54
SHA512 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ms.pak

MD5 53e8b7262db4c5b04ba5b39c07eddb32
SHA1 9cb8946966547630cee42de04eb8604e6bb5af86
SHA256 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a
SHA512 c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\nb.pak

MD5 bc1983b1c86badb361fe07031a93fa48
SHA1 5bd14d7d7a335dd6457377fc0eaed07a56c369e6
SHA256 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d
SHA512 fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\nl.pak

MD5 f1210067dc72e8c82444b2ad9a3f7897
SHA1 3cf8c6fcb93a5f79fe6190aa0551d673887125da
SHA256 d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9
SHA512 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\pl.pak

MD5 31200d5726b3d1cfbe9ac3bc7138a389
SHA1 e82f0300046e7cc9ffa13223c11cbb94d62c0dc6
SHA256 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3
SHA512 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\pt-BR.pak

MD5 7f150a17a11d43e395f571dd23951d88
SHA1 f8b8d6f89f63d92f04156f2b44b36b6045fd3723
SHA256 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9
SHA512 de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\pt-PT.pak

MD5 553594ab0e163c6375ebe75524095dec
SHA1 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5
SHA256 bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df
SHA512 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ro.pak

MD5 06a36fa95702b38e749568037634828e
SHA1 9c584a9b7a0446fbc44bf5fecab71ab1312a592f
SHA256 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b
SHA512 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ru.pak

MD5 12836eeb93367830b3b88b404449a3e7
SHA1 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c
SHA256 f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf
SHA512 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sk.pak

MD5 9ce4e3abe9d948f6a89759d0ab188dba
SHA1 447e5c8803d0284c69ffb990ac0060adf93f4d25
SHA256 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2
SHA512 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sl.pak

MD5 7a75fa0fd3ddd471cdf9b15d3b3860ca
SHA1 f07e3e136768501e69e76529011003bd45fcc0a4
SHA256 d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959
SHA512 e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sr.pak

MD5 b2555a29076995ccf01580f0f1b2f766
SHA1 284ed665f078620afdd6c7d074a6f9e26dbef1dd
SHA256 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0
SHA512 a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sv.pak

MD5 03154d7a3c69ec91714c799b86267a1d
SHA1 8671e9672002c58581488416f2320005140adedf
SHA256 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b
SHA512 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sw.pak

MD5 0dad65bd01e92ec4001c8377a3f6900a
SHA1 91353a816b6b1d0aa5bf5342b8f2bd430da57286
SHA256 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892
SHA512 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ta.pak

MD5 7503d3994d48911a38370095f5c83ec8
SHA1 a98917d5de0cc237d226ad64792fc9840bec0a0a
SHA256 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33
SHA512 d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\te.pak

MD5 b5e9289d02b4963d292bbb4210e9ab5d
SHA1 48382ab36b77cbec280833f587450270b5080a85
SHA256 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9
SHA512 eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\th.pak

MD5 687a80e1cb637003c3e5f05d3f4b89b4
SHA1 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6
SHA256 daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654
SHA512 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\tr.pak

MD5 a38eea92c514716b8ab019ab792bf541
SHA1 cae203c3ed63807d4f2d89333540556b5e92e161
SHA256 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd
SHA512 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\uk.pak

MD5 6f2f1b073ccef426c7eb49362123f2d0
SHA1 048921ad0cba17256e9838257d9f47969cdf6172
SHA256 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f
SHA512 cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\vi.pak

MD5 a01c81f3bd56d52c205ce6742dfe52c7
SHA1 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25
SHA256 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f
SHA512 e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\zh-CN.pak

MD5 376ef5a6f076a9757f58d7b10526eb73
SHA1 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e
SHA256 f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6
SHA512 e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\zh-TW.pak

MD5 3d230011248333ed6cee72f667c8df45
SHA1 4114f307a31516bb6309fa9fc2572722b8d93d24
SHA256 b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1
SHA512 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar

MD5 f6c6ad773f93816165c624116e9d3419
SHA1 c360da20299d5c3cc048b7779e7649ac4aa5326f
SHA256 a6424c4b281f19eb973d47083ad641ef45b534daea729215c8dbf5f89faa8d89
SHA512 01667b291a6bc1dd735efaf03ab0b0a6b0f00a698e15be905a0101620e8cdaf77d5afbf69b5c11baf5ba4d39b476ec5417ed35b815284f0fa8f198b890fb5b89

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 d226502c9bf2ae0a7f029bd7930be88e
SHA1 6be773fb30c7693b338f7c911b253e4f430c2f9b
SHA256 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
SHA512 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\swiftshader\libEGL.dll

MD5 e7dd19ed46c7a21d0101d1a5cc0fe39b
SHA1 89a51cd7d4c7a6f3dca571b24bce726568292ea1
SHA256 d8d1b787de2e2dae70ebb21dadf734dd11ceac03f9a873c911f4b2e2477b745c
SHA512 921f276efa055eb4136572e889e7741bd3fd776065f70495d6ede7d1cdf0cc933c67f9eec82bd5a5d30f77ec8bfce83f46d00e65ba1488ff95ee38004567105c

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 f6fc51755690e7ae2380d7606c0303bf
SHA1 aa98430be7f0591b054b52db556d032c5e8dae3b
SHA256 7747ba44a1caa758106d3a2a67438933cca7e7ede2d564c2fa7be2b11b206506
SHA512 7974b4f1c64d512d0769e8d991b30a28697d561dd0e20927835059459a6f14d3ee5b04a7454e744481f10b1281a5b6b3091adb3212b59527528a35e05c57fa78

C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\b68192e1-03d9-4104-aab7-85b22fd2bc3e.tmp.node

MD5 8982448cb4f28b82876befe6e8af25d1
SHA1 4d3b2fb5b42fc27c1ac9363003abc16ada188581
SHA256 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38
SHA512 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b

memory/2092-570-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2092-604-0x0000000077720000-0x0000000077721000-memory.dmp

\Users\Admin\AppData\Local\Temp\56f5c6bd-6cbf-4d1b-90e0-3f988c8c64ec.tmp.node

MD5 30af610789f7032760077d9c1197d0f3
SHA1 b57027046f9c7b3d4cda0aef5c8baa334b6fc339
SHA256 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722
SHA512 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Cookies\Google Chrome_6lxhv8bu.default-release.txt

MD5 34fc9231ffc47fbc0467da57069ab062
SHA1 150735ca67297ef0c51b6ab5637dbea011040eda
SHA256 668b13b9be41f23d5c901b3e439d2169f44a6fe9f1edc4fc74a32725cf89cf34
SHA512 b69babb5f295dc6a73a24e5632aedcc017a210fc4226620ba8b04fc77ff923f67b87919d0517256b4a10f0f04bc42e849ac122efc50d4286c8b436d754b81a3d

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEE6756CA40A84DB792FAA492E7773E.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES416.tmp

MD5 0eea8060aba5a2e760d3047c7c7d7572
SHA1 eab5d5578dea828adddd39c6d5337bc47f440ff1
SHA256 63c221f177b4ed44d954273349d640e9e60e449805bbea42e56d9c2b0cb0f025
SHA512 5dcc8d6063482cff7107d0d3fa281ef432ce8b3c8b209429022962822a1eb94cc452d3510395485bbd861d29c6386ab106129988dcde8b43a70e1551e31c9eec

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 7d7c9699cc45499ecffc2b8660de35dc
SHA1 475cdb5568084165875fad487fd3d20608c6b101
SHA256 aaf1a5542830b8b00b8beb4b6cd8d3e9c06fcc329baaaa985bb7dd5420be552b
SHA512 04aaf3609a99ea26cd8abc687afd2f1bff7cab75469827337de3a32f4f22dbf43270209d47f4d1413c22ff7c54ce76bfaccd98ea13cf91ceafe0a134fa606c4f

C:\Users\Admin\AppData\Local\Temp\RES417.tmp

MD5 e51d91dd4cd2e4e43cfd5e0f2786b1d5
SHA1 26296d1068ecf374b60bc1b26764cbbf57a77a13
SHA256 f835af1bfa88577e9b1b60d9937cc91f81c33c77347050a558f9c3c13a3cbe99
SHA512 2050c4e94613c146a72558af8601895d957c1af1a8bb59060f2ef86c4e9f412c002d342da577d2cea937066ffb5ca06b62ec12b54781bf002d408c5d652b8773

C:\Users\Admin\AppData\Local\Temp\RES419.tmp

MD5 70341246c4d3c6b62bc297844cf20ac6
SHA1 4be19c046d62b377ddaf140ca8c79ee06ee48905
SHA256 640cc24d17b95f39bec5a9d3bd3fda8ecf9066f3cf6a9b1babb62c2facea91d1
SHA512 86338affef78cbbec5685133e1486e09cae82239dd507165e6f78f42f1fffb6ddd6079450595ae5e0f6c642c3d1dfbcdfff803199d1ef96d11c497cd0a1ed042

memory/2724-835-0x0000000000FD0000-0x0000000000FDA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\202438-2400-1jav8qm.gty9.jpg

MD5 da380d89f5a32d6a6410a8093adde6df
SHA1 44c25970ac92c2cde871a887d619b976f2ed0688
SHA256 b6846e6cfffeafc3de54ab6013bb8527a3fd852ae93f6690ee946c71e2c7a0bb
SHA512 4ac5bec08a36cebe799343e40298747a4e7052feeec0ab74ceb84e812c381fb6bc05b46434366553a6548e45a96c037bcff1e94c0d700850c4f790cf83af8009

memory/1804-913-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2624-914-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2948-915-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2524-917-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2988-918-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1500-927-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2724-920-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2356-926-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/3068-925-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2740-919-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2532-922-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2560-924-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2228-923-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2456-929-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2404-949-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2956-955-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2432-959-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2404-962-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2956-963-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1632-969-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1928-972-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2672-975-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2588-978-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2128-985-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1804-986-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2660-989-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/944-993-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1632-995-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1928-997-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1600-1005-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1308-1008-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2588-1011-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2672-1020-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2128-1022-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/944-1035-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1308-1046-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2576-1049-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1600-1052-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1940-1060-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2160-1065-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2484-1069-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/296-1080-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/680-1116-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1924-1122-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2044-1142-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2088-1145-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1480-1146-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2976-1149-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2336-1150-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1880-1151-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2324-1152-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1728-1169-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2652-1170-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/1384-1225-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2000-1228-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2092-1226-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2096-1232-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2672-1236-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/3364-1247-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2796-1268-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/3180-1282-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/2644-1285-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

memory/3244-1288-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240221-en

Max time kernel

153s

Max time network

164s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

Signatures

Epsilon Stealer

stealer epsilon

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1184 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2496 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2496 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2496 wrote to memory of 2604 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 1824 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1184 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1184 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 1824 wrote to memory of 2044 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1824 wrote to memory of 2044 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1068,3550203540164706208,1417463853522039480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 /prefetch:2

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1068,3550203540164706208,1417463853522039480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,3550203540164706208,1417463853522039480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=1552 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-py86ls.60cvg.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-86j721.26r8q.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mb5nhi.q17fj.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-b1bkya.85tpi.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nv2urs.r81fr.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-l6v6v0.711sa.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8640.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5E211B12189341A0B557367A1E654F2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES865F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC871F6EDB20CC4F219AEA6E4A9EEABE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES86AD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCED626FAAEC4349CE8D48CC1198A6820.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES86AE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC7BD249F546549E58BD6DB4FF03ACBDF.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES86AF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCB32967F6E35C4C9D8134DBF7CFC9734F.TMP"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-b1bkya.85tpi.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-86j721.26r8q.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-l6v6v0.711sa.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-py86ls.60cvg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-kz6izo.j806q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-kz6izo.j806q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qfhdpu.18ft.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qfhdpu.18ft.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1kskgc1.u402.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1kskgc1.u402.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8xmvs8.ili2n.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v2t9ob.inin.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v2t9ob.inin.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8xmvs8.ili2n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lydjwj.cvoe.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-kvy2mt.p1gc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lydjwj.cvoe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wc2huk.mp41.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bbor3k.05hc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-kvy2mt.p1gc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvql3x.91dnm.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-gafv7q.q937v.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ee4xrw.lmdak.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bbor3k.05hc.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvql3x.91dnm.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wc2huk.mp41.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-gafv7q.q937v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sz4o97.1uyy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ee4xrw.lmdak.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qeaoy.06gpg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sz4o97.1uyy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nmo9k1.fje3a.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1390660288701929901-11120293981074595357305790223-776837148895447545-820031191"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qeaoy.06gpg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-yswbpr.wpq4q.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-131buq2.xdbuf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nmo9k1.fje3a.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mfapfr.lz70i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hilg3n.0eiet.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-131buq2.xdbuf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-yswbpr.wpq4q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-e7nf7i.2l3k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mfapfr.lz70i.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hilg3n.0eiet.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-x3uad3.ks1m9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-e7nf7i.2l3k.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-x3uad3.ks1m9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sm0ymy.eyxe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sm0ymy.eyxe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-jp4k37.w7b2l.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1vy7cty.jtmm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-jp4k37.w7b2l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mdkhe.zil2k.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ke5w1l.0m0a.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d6q8sg.9wzr.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-l7pjl9.3zoq.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-148746198818507658891898604110181438266712215694231496782642892673052-1003217195"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ke5w1l.0m0a.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-l7pjl9.3zoq.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d6q8sg.9wzr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1vy7cty.jtmm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-e6il5p.c6r8k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mdkhe.zil2k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-elq0t.6wemaw.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-50loox.y14l7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-e6il5p.c6r8k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-19us4fh.9duvg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-50loox.y14l7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-sq0cyq.nk37.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-elq0t.6wemaw.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-19us4fh.9duvg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1r0gbwk.qm5kk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-sq0cyq.nk37.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1r0gbwk.qm5kk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-zfi6t3.cnbn.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d63gik.8egwj.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1915970101-926863811-912031410413356617-1211453020-31825253860025108121061283"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d63gik.8egwj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbeh8m.t7upj.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2287985647411462771576588833248765081-678710452870895755123305918-540496857"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-zfi6t3.cnbn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-53xzj3.gyl8j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbeh8m.t7upj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1co6sdf.rv4i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cmxpnp.kv0ml.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1138645684-11746978009661092961081448571-2015875496-12288875841941277986414171339"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-53xzj3.gyl8j.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1co6sdf.rv4i.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cmxpnp.kv0ml.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-thfwt1.s0uvh.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-835899565-164628960220768153991456804346-820918856-1041741829-9682774571271552959"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7z2vn8.evo3t.jpg" "

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-thfwt1.s0uvh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-btooft.s3yyf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-btooft.s3yyf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7z2vn8.evo3t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3rrpfc.fq57k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3rrpfc.fq57k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ot2cc9.cq3r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ot2cc9.cq3r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10q68iu.uqej.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nxgiz6.28in.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10q68iu.uqej.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nxgiz6.28in.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qvpoa.8svl.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1y5dljd.4kil.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qvpoa.8svl.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1y5dljd.4kil.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-u5yd6n.pi66.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nj3d2d.n3ft.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-u5yd6n.pi66.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nj3d2d.n3ft.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1g37ex7.qmkk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1g37ex7.qmkk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cux08z.coekr.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ty9mgt.51q6g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cux08z.coekr.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ty9mgt.51q6g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-sncd3a.u1o6q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-sncd3a.u1o6q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-103v5zy.4qtc.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1342689862-892618792789651934-87194425194823854915907408151170289222-1501014583"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-103v5zy.4qtc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4zcoh6.6gpze.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "272767144-9919328621086838078-620614762-11571115759254417-9003082991247864701"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4zcoh6.6gpze.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10ko201.1qxm.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-821216625-127421257510740361672058508003-1223577960-1833849867404516550-159376406"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10ko201.1qxm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-pe4fis.b89j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-pe4fis.b89j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-d9yk8g.313ga.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15903933318147790701397869580-1396237230-581025646-4079790851817766641-266517051"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-d9yk8g.313ga.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1veifwu.fcf2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1veifwu.fcf2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qlpb0m.o4ci.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "19001946901320869306-22017333619494108291062236521-1932315489-15514909461017032846"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qlpb0m.o4ci.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1oz9cku.kxxn.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "96220166020935856441950580243-497532681-21224376331955177114194236365-1574425745"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1oz9cku.kxxn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rh4h4y.rzmx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rh4h4y.rzmx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7fj4gc.laepw.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1094909754-11216129611699515501864267994-1910768820-973400534-19736536521296258419"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7fj4gc.laepw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15ur9w2.nzg3.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-88299912612088293081486043863-302921605-1964358713-20115163241698717329-1857286793"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15ur9w2.nzg3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1c9dikk.zsu7.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-722485005-1802656232-1575017864712180026-1846131317508984664-221480749965573906"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1c9dikk.zsu7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1a1d6wu.pue9l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1a1d6wu.pue9l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mw3um1.iyzy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mw3um1.iyzy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18uu6ch.1wq9.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-3294971941241939696302025681-1901118427506161051462337151628584151666659738"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18uu6ch.1wq9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cdsfqw.2zh6.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-790608816-18721156504654741341269223065-945171304484221474-1920255775-1671006200"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cdsfqw.2zh6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fm9x80.01kib.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1073475545-423539806121205795214718005961324272297-125473912-444408593-1435910746"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fm9x80.01kib.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pgw2hk.9vez.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pgw2hk.9vez.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-q8q2yf.ojrxg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-q8q2yf.ojrxg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fjfpfb.7y8ae.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fjfpfb.7y8ae.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ep4ext.9ly2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ep4ext.9ly2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t10ix6.uasc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t10ix6.uasc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10hz4qn.rgy9.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1436379277-6833393581802314671050966155-18212480631833022043-234768866-2083577235"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10hz4qn.rgy9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ue5yby.8pwh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ue5yby.8pwh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-5gd4an.tvmio.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-5gd4an.tvmio.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fqh85l.omhq8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fqh85l.omhq8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ahnqce.mkvt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ahnqce.mkvt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8515oh.d60ra.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8515oh.d60ra.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1brxvl6.bh7e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1brxvl6.bh7e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-edodty.f6aw5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-edodty.f6aw5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-19oriwn.kyaq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-19oriwn.kyaq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mwstjb.c8j5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mwstjb.c8j5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-16uusvj.64sx.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-395112252-553869214-19239881943409372718151863971247180479-1977324615-1173495686"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-16uusvj.64sx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1652fje.buj3h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1652fje.buj3h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-troxxq.qrogn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-troxxq.qrogn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cvlkti.iyoqp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cvlkti.iyoqp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6pptx7.4snes.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6pptx7.4snes.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jghz38.gpye.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1920554351268590743-156386384-246256415-16756909591980151720-2248233381150478974"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jghz38.gpye.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-150g80p.899mj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-150g80p.899mj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ne748.owdbv.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1f5lhf.b8n6oh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ne748.owdbv.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1f5lhf.b8n6oh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u8qynt.og4i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u8qynt.og4i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-larccv.rsesq.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1634319692-1947296818-620784034-1256473535-655247559-1168279871499330279-912954788"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-larccv.rsesq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rpyopc.pcmx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rpyopc.pcmx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11vdxz7.7gl9f.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-220254894-962159915508562145-1887347571-1718106185-1046197813346179661007999333"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11vdxz7.7gl9f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ej3yj.vltst.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ej3yj.vltst.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hh5471.ccm3i.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "192603024915017650491795304210-17244283311008553423100447155-1042555320287370149"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hh5471.ccm3i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-g5an15.s8pok.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-g5an15.s8pok.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-66dicm.47uar.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-66dicm.47uar.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7b8qr1.bdiw8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7b8qr1.bdiw8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tfb8pc.o22bk.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-125822822715529728905690384526039689261093722630215622569-1656198465-1269131388"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tfb8pc.o22bk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1o88bwy.25pu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1o88bwy.25pu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fjoizb.7g2g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fjoizb.7g2g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1577sa2.c82t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1577sa2.c82t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-jq82h.j116xk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-jq82h.j116xk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sh6hvg.slna.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sh6hvg.slna.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11azzkw.u4wd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11azzkw.u4wd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-gi8u5n.v9fx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-gi8u5n.v9fx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1atqwk.hfyvj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1atqwk.hfyvj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzr1eq.424tm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzr1eq.424tm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1y0h6.jrf7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1y0h6.jrf7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tlz3nd.08cm.jpg" "

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-185996109086214571516854240121799221389-1093383855993032542-17066936751807441971"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tlz3nd.08cm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cz3h8c.00z5f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cz3h8c.00z5f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-i6dpmv.fc8af.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-i6dpmv.fc8af.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t4jbik.xpv2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t4jbik.xpv2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bkisqp.jwbw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bkisqp.jwbw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18a34xp.ngqs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18a34xp.ngqs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-i0zs2x.8d3lq.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-z5qpms.ou5gm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-i0zs2x.8d3lq.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-z5qpms.ou5gm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6e1sur.kn3y8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6e1sur.kn3y8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ksrdqf.jl66s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ksrdqf.jl66s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nadssx.qxmg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nadssx.qxmg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1e2kifr.cuak.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1e2kifr.cuak.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18lae83.uxcrf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18lae83.uxcrf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fziwrk.85nkg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fziwrk.85nkg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-jf8wcc.t9s2r.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-jf8wcc.t9s2r.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-14uv6jh.86pnl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-14uv6jh.86pnl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1m47761.evms.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1m47761.evms.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13c4k9s.vy8b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13c4k9s.vy8b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ylll8.b6fzh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ylll8.b6fzh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-u835rl.h9rc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-u835rl.h9rc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hgmpw7.6qymc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hgmpw7.6qymc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-114xxgw.p2ry.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-114xxgw.p2ry.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2moxut.lxnz3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2moxut.lxnz3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-a8nvip.kzyqm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-a8nvip.kzyqm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-g24x0p.wiw7j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-g24x0p.wiw7j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7oi2oe.azl3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7oi2oe.azl3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13p9owr.pb0y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13p9owr.pb0y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-t2e0vt.y5nz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-t2e0vt.y5nz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ttk3dm.cp508.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ttk3dm.cp508.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1yjx1q4.z1s6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1yjx1q4.z1s6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15sry88.6yol.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15sry88.6yol.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15r9dz2.7yli.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15r9dz2.7yli.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ltgplp.y8ltq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ltgplp.y8ltq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4dfe0f.8mcc1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4dfe0f.8mcc1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvn9ew.1dwp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvn9ew.1dwp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-tyeg1y.mee1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-tyeg1y.mee1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lwivdl.123s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lwivdl.123s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hncyyy.qerek.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hncyyy.qerek.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ev2aba.gkaat.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ev2aba.gkaat.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11ycx6u.i83g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11ycx6u.i83g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gm9vk2.zrpb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gm9vk2.zrpb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1od2mze.rudv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1od2mze.rudv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-a0dzsx.h84va.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-a0dzsx.h84va.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1j6fipj.k26z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1j6fipj.k26z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nni3c9.emq8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nni3c9.emq8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-dyr32d.wv7wr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-dyr32d.wv7wr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5f3a1.exp6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5f3a1.exp6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cui8wm.k87h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cui8wm.k87h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-wn1m3f.dkwx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-wn1m3f.dkwx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gtbt2w.xhj9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gtbt2w.xhj9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qeczfb.6tv3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qeczfb.6tv3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-71jxqo.p4c8b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-71jxqo.p4c8b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-twht0l.jahb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-twht0l.jahb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-r4h547.sfd7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-r4h547.sfd7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-12ndgcj.ldmel.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-12ndgcj.ldmel.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nog1hc.qhje.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nog1hc.qhje.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-j09fli.83qln.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-j09fli.83qln.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1if5dbg.wx55.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1if5dbg.wx55.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8a8ke3.yb03n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8a8ke3.yb03n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u5tto0.2zhz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u5tto0.2zhz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10bi6zn.lv2o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10bi6zn.lv2o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8jd0it.ndvlt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8jd0it.ndvlt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sqcv6z.ui4jk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sqcv6z.ui4jk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ijljl7.q0i9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ijljl7.q0i9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-bhjv2e.zz0w6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-bhjv2e.zz0w6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nw8g3d.v719.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nw8g3d.v719.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qdbepp.w6vt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qdbepp.w6vt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fdfoch.wchol.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fdfoch.wchol.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-g1sijh.xdpwl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-g1sijh.xdpwl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-iaepwf.o2hbd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-iaepwf.o2hbd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-red1di.3q4va.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-red1di.3q4va.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ws7rn.bbky6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ws7rn.bbky6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3pkh58.86ae6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3pkh58.86ae6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ctmrf6.nr3nj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ctmrf6.nr3nj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ff3tij.grjb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ff3tij.grjb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lffb1q.89p1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lffb1q.89p1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-k3enhf.21npa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-k3enhf.21npa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qn2ytq.4x8o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qn2ytq.4x8o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cdfw96.vjabh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cdfw96.vjabh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fzn84w.yvoa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fzn84w.yvoa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7u5gk8.k39q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7u5gk8.k39q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-r9t7rf.62o4g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-r9t7rf.62o4g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1448z.nz5y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1448z.nz5y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-155nb0z.hrm5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-155nb0z.hrm5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-16rljkz.ontyl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-16rljkz.ontyl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18kkcpq.nrjt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18kkcpq.nrjt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-owxrd3.l2n9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-owxrd3.l2n9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ox9p3a.ys8i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ox9p3a.ys8i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-100u808.3g93.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-100u808.3g93.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qxpdv6.5o62g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qxpdv6.5o62g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jf51sa.gfkx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jf51sa.gfkx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzrl5h.c0uyc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzrl5h.c0uyc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-rs6w2i.ozb8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-rs6w2i.ozb8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-rzdz8g.hv0wq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-rzdz8g.hv0wq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wf76y5.rpz5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wf76y5.rpz5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v9eytd.bkt8h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v9eytd.bkt8h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-zadrzs.qc94i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-zadrzs.qc94i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nerp2r.7sxrg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nerp2r.7sxrg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-706hk5.m5rdb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-706hk5.m5rdb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-142aky1.3wuni.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-142aky1.3wuni.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1hyn06f.bm3x.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1hyn06f.bm3x.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-12aia41.8ixt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-12aia41.8ixt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hu9yq9.fg4l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hu9yq9.fg4l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-aewi5c.jhaap.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-aewi5c.jhaap.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1octojd.j16w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1octojd.j16w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-eixevl.ny8vl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-eixevl.ny8vl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ktu4j.fytlu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ktu4j.fytlu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-imq22g.7eroc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-imq22g.7eroc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bvr2rr.mxuy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bvr2rr.mxuy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-za1rtu.4xf4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-za1rtu.4xf4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ul2xdl.m6qp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ul2xdl.m6qp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nexojy.zcvs.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nexojy.zcvs.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15qwz1c.cya5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15qwz1c.cya5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4d8otc.tm9c7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4d8otc.tm9c7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ib963.v7hb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ib963.v7hb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rsdo7i.z6vz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rsdo7i.z6vz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1n1zyik.6lxr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1n1zyik.6lxr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-w9jwjv.yv8u.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-w9jwjv.yv8u.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2snzva.3xl7s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2snzva.3xl7s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-19m0xit.g8rnl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-19m0xit.g8rnl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ewow8o.kv0ps.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ewow8o.kv0ps.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hr0qjh.96xhc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hr0qjh.96xhc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h8d3l8.7b6di.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h8d3l8.7b6di.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p4zlq1.yrhr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p4zlq1.yrhr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11q6xmx.yfu1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11q6xmx.yfu1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndjdwg.8vtx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndjdwg.8vtx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-du8tl1.asdtb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-du8tl1.asdtb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nmvihz.drcih.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nmvihz.drcih.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1aho8le.0em7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1aho8le.0em7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nq92ru.smti.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nq92ru.smti.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-110d9tb.tgbo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-110d9tb.tgbo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qo5ile.y5jcg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qo5ile.y5jcg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pkhs36.7hy4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pkhs36.7hy4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-psuv9f.16spr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-psuv9f.16spr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4v3z1e.7zoyx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4v3z1e.7zoyx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-5yamk1.42lzx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-5yamk1.42lzx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-pammdc.p824.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-pammdc.p824.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5coi6.j09yn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5coi6.j09yn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-9dfx45.zyjga.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-9dfx45.zyjga.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbufl.v2capm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbufl.v2capm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1po3pj2.dw1q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1po3pj2.dw1q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-f3watv.2ut5h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-f3watv.2ut5h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ku69fr.ccg8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ku69fr.ccg8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-57xsrk.g95ej.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-57xsrk.g95ej.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-16bns77.iyd9g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-16bns77.iyd9g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-p254td.2qvhc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-p254td.2qvhc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-atdoeh.9m0g6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-atdoeh.9m0g6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-m6c3tz.k719.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-m6c3tz.k719.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-zxzz6a.84e7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-zxzz6a.84e7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p46fj9.a4fv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p46fj9.a4fv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13xi2ed.as0h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13xi2ed.as0h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndvjm8.smbe.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndvjm8.smbe.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fktqdh.jm8t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fktqdh.jm8t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-n5q5xa.pt3jp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-n5q5xa.pt3jp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1x0npd1.cizk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1x0npd1.cizk.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp

Files

\Users\Admin\AppData\Local\Temp\a9dc2ca7-5023-465f-8f1b-de82c74c40e4.tmp.node

MD5 8982448cb4f28b82876befe6e8af25d1
SHA1 4d3b2fb5b42fc27c1ac9363003abc16ada188581
SHA256 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38
SHA512 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b

memory/2644-5-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2644-38-0x0000000077DD0000-0x0000000077DD1000-memory.dmp

\Users\Admin\AppData\Local\Temp\3fefb00a-7199-4ff3-a098-556ae83f30b0.tmp.node

MD5 30af610789f7032760077d9c1197d0f3
SHA1 b57027046f9c7b3d4cda0aef5c8baa334b6fc339
SHA256 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722
SHA512 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCED626FAAEC4349CE8D48CC1198A6820.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES86AD.tmp

MD5 f387b9f24ebec14c2e96bec2ebbdc6e0
SHA1 c24ea0fd40a502bad969ad8f6eb9e6508fe96300
SHA256 710094f940ac81215c2b3cc8cdf4829703bfa63d599620844396adad89e9564d
SHA512 8d994bb1a8f9217e044b32f342f510924eb55657618c936bca9e682fe732e13607da145f16f46471a4f81882b7ce7dc95fd26f730df53814353b7c9dbcff9e4a

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 e9c3f8d68ea1582e54d1dffc2c5408ac
SHA1 18e463c1c02af09175423a8e5b91f0b8b9010f63
SHA256 eed14a62aafc15c627dd0c56f9c551648be5d136edc914f812ef6a66eb6f726f
SHA512 72051e902253bd6e46fc18f3d45d8744f4f8a43a216d32d27e7ac9a838c017c659cd656ac32c0eb699ec0df00bfdac0972ffa637501224219040c7b30cee17cb

C:\Users\Admin\AppData\Local\Temp\RES8640.tmp

MD5 51d258cd08750e75f16a4f1fb791fa99
SHA1 3de2eb432b554d513fed67beb220469c7da80aab
SHA256 35d7a7b33f2f7dd505d44a33ffa34d117556e265f9ccfb4befcc607a9db9726c
SHA512 2994829148da7bd411a802b7fca882465c8d554bb02a4b5a7d6c61a73695a7a5b66064ab076b12239f2196d925a21a7facc31a3f7eb1056f1ed704b069051a38

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 de84e425e0f0d034882d28b68298cae7
SHA1 af1f3d3667da76c48a559d127413c73eb75e1e5c
SHA256 6715506baa734be2f2b70c73a73800d0a05f49bdfe5181297d21594054ce5f0c
SHA512 8b9839f345092e387c6770bbc9e8d65cdf9cfa5c7d71a31c340500c7965798753635443da3f5d8b5d0c6f54b7a20fd03e300ab7720523d212ffe17425d4819ed

C:\Users\Admin\AppData\Local\Temp\RES865F.tmp

MD5 196e90a6e9968e34e34582233144d063
SHA1 05cdcb3838c39b3a457789f6ce8192b8f7651e24
SHA256 c5b078f163f211a3a79054c31b1f46bcbf5bedc468a9fbbeae8c4905fb0d27fd
SHA512 5ff5ea281889ca800f4118374e93672a0253a378fcf4c55099810a1b88f2f28fbf10298919239fd125413bac02001f6aff12e8ec4ea79762b33741d558655343

C:\Users\Admin\AppData\Local\Temp\RES86AE.tmp

MD5 6b2b032747dba1bd01d3ce04b97baf48
SHA1 fdda947a5ba3a94f8e2cef0d07d54a9d4df4061d
SHA256 6241b149c191545585ce18bf6ff6933e19657e8966a34cde78c0064976245270
SHA512 333768c444fe8d2cb547ee9c9e83d52c59745997b214513f39bb2e4fa89df7f64749e5044c3b4ca1a968d28a4ee2ded8fd876b338b361dcaa464a612c81dc94d

C:\Users\Admin\AppData\Local\Temp\RES86AF.tmp

MD5 6b1640bdec0284b05a25329f107bf09b
SHA1 86bb38655acb9d5dccbe08f4d41ef8ded675db5d
SHA256 3218fc2e608e54f5e5d28b27b9b2035bc8250864d9ded75f012796d70e038076
SHA512 6a91d681f0c5b036c938ee417b92205850b1e7d3ec926ccb029841ec175bf0e2c61633a494d16065c8d03c5acb87d133aed20f3b734595ee620c18a3f218e423

memory/2540-186-0x0000000000F10000-0x0000000000F1A000-memory.dmp

memory/2748-202-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\202438-1184-py86ls.60cvg.jpg

MD5 b6fdf73a72b204bbd9e4cc7c1f0b3da5
SHA1 bfc07cd18697af9d2c1f8b896de719baccbbe443
SHA256 7968dda27479ee8b3cbc3abc7523e42234a6854782e49ee98ea1405d527b3495
SHA512 5de6eb47e38cae06160e59185f2ea5475b7991d919b1f27fdf37f1ad48d29f21d05a6b80d541613ef66ebbf0a82df04ef5f1f9c789d215b68f49dfaa11ea894e

memory/2580-203-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/3068-204-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2540-205-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2384-206-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1700-207-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2516-208-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/592-221-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/888-227-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/592-233-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1700-241-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1620-245-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1796-257-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1280-263-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1280-271-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1848-265-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1848-275-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2976-278-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2324-283-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2092-285-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2636-289-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2636-304-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2540-305-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1712-310-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/112-317-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/112-326-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/888-319-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1620-331-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2000-341-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2660-346-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1796-352-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2000-355-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1912-337-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1824-361-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1736-368-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/648-371-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1824-370-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2244-377-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2796-291-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2244-383-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/648-390-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1328-396-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1328-393-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1560-402-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1848-400-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1240-405-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/432-417-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1848-418-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1240-419-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/432-420-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1560-421-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2796-422-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2324-429-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1524-435-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2732-437-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2732-445-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1632-444-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2084-446-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/1736-449-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/112-454-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/112-460-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/2084-458-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

memory/3052-464-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240226-en

Max time kernel

139s

Max time network

159s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

Signatures

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES96D1.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC887F58CC71C147899F32B7B7DFC0349D.TMP"

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp

Files

\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC887F58CC71C147899F32B7B7DFC0349D.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES96D1.tmp

MD5 9eca00e2e8bcf3addfb338b33f45eb62
SHA1 eef50b9390906a982b45d40029192f6ab575a8a7
SHA256 542dcebe95633721d7d3845362539ad5414ca95e77849255c17875fce166269c
SHA512 04160ba6d1da7a5bc73a23c133dda67028d52a37bb136b9bf8fe29c9092e998407d067525bc0bba3c0e17dcd80bddf1df9f0bb277c4d2e6280d36838453716c9

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

MD5 96532e3fb8f05a5d441369bd7e47a557
SHA1 9a13fa21891c08e64e4d59e04c65a0eed3fabb99
SHA256 fb3ac619c189f59238145b285c871fbc17aa07d85b547a768cb637358d80507c
SHA512 ac36df3ad6de65657a72d42e9830e35434a9c89de3c2db12dcc52838a9e49f5660f0086596a6132e358297baf9fe99d120ebed2b2c67fb52bded91dc13e0144f

memory/364-9-0x0000000000FF0000-0x0000000000FFA000-memory.dmp

memory/364-11-0x00007FF9D1B60000-0x00007FF9D2621000-memory.dmp

memory/364-12-0x00007FF9D1B60000-0x00007FF9D2621000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20231215-en

Max time kernel

142s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4492 wrote to memory of 3492 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4492 wrote to memory of 3492 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4492 wrote to memory of 3492 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3492 -ip 3492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240226-en

Max time kernel

156s

Max time network

169s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

Signatures

Epsilon Stealer

stealer epsilon

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2012 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 3036 wrote to memory of 4100 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3036 wrote to memory of 4100 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 4816 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Users\Admin\AppData\Local\Temp\Node-js.exe
PID 2012 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 1472 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 1472 wrote to memory of 4728 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1472 wrote to memory of 4728 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1656 wrote to memory of 3376 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1656 wrote to memory of 3376 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 5060 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 5060 wrote to memory of 4740 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2012 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2724 wrote to memory of 4880 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2724 wrote to memory of 4880 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2012 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\Node-js.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"

C:\Windows\System32\Wbem\WMIC.exe

wmic CsProduct Get UUID

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1640,15988592063297420386,14195150436517721813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,15988592063297420386,14195150436517721813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=1960 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"

C:\Windows\System32\Wbem\WMIC.exe

wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"

C:\Windows\system32\cmd.exe

cmd /c chcp 65001

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-g7l8x7.gu7q4.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14tdgzx.l2t7l.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gato2w.km8ek.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-19ha239.lf2f.jpg" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBC0C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97E0769C437E403BB6AC9E80CDA8CD26.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-a25pq3.6qec.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gato2w.km8ek.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-g7l8x7.gu7q4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1byiezb.vq3pg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wgz2t9.qzwph.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-a25pq3.6qec.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14tdgzx.l2t7l.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-19ha239.lf2f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csyi24.yj0p.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-qua8ok.8lft.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14hpxha.fmzkj.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-utlxrx.jjl59.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-163eac3.lh59.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csyi24.yj0p.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14hpxha.fmzkj.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-utlxrx.jjl59.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-163eac3.lh59.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-qua8ok.8lft.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1byiezb.vq3pg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wgz2t9.qzwph.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fz2dmw.wc3o.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1264gnf.x4nw.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-88sit.5h5ne.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jebv6m.tvi9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1264gnf.x4nw.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fz2dmw.wc3o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1yn0ayc.uvyx.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aqqo83.kamy.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-88sit.5h5ne.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jebv6m.tvi9.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1yn0ayc.uvyx.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aqqo83.kamy.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyazbx.rqmoj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyazbx.rqmoj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-bdx0qc.zbwks.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-bdx0qc.zbwks.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-8od1ni.m3hes.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-8od1ni.m3hes.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1te3m.7s94.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-k4vkv7.11ye.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1te3m.7s94.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-k4vkv7.11ye.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i2q7kq.9q88.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i2q7kq.9q88.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14ilnht.wfpt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14ilnht.wfpt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14xohvr.tusu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14xohvr.tusu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p5sr7g.rws8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p5sr7g.rws8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-o74mya.nfosg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-o74mya.nfosg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-2m06x1.e8mi4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-2m06x1.e8mi4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ftluj3.p29iv.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ftluj3.p29iv.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rnkjvu.mbeb.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-w5i5iv.00uz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rnkjvu.mbeb.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-w5i5iv.00uz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-po8y3e.lsze.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-po8y3e.lsze.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-113qbfa.qwst.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-113qbfa.qwst.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-bat6g4.188n.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-t4l4ss.y3kc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-bat6g4.188n.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-t4l4ss.y3kc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-173lr5j.669qi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-173lr5j.669qi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-8344bi.35wpp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-8344bi.35wpp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-m9pgod.ejov.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-m9pgod.ejov.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-11kis9h.0fvb.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-11kis9h.0fvb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mtgefe.p3mx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mtgefe.p3mx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-wqv612.8lo1g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-wqv612.8lo1g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vkhfvx.z1tt.jpg" "

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vkhfvx.z1tt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-p90ptq.0fq7.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-12m1748.ctocg.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-viq4w4.dxg1s.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-p90ptq.0fq7.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-12m1748.ctocg.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-viq4w4.dxg1s.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-11v0hd2.j6ns.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-11v0hd2.j6ns.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1enm55r.z0ha.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1enm55r.z0ha.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1a6niuq.68ew.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1a6niuq.68ew.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-arlrot.db9dd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-arlrot.db9dd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-39xt9l.r7s4z.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-39xt9l.r7s4z.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ym69cp.ce8s.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-prwpck.c0jnh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ym69cp.ce8s.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-prwpck.c0jnh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5ikhus.1g9zm.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-kjyl1n.4j96.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5ikhus.1g9zm.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-kjyl1n.4j96.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18w5l2p.g265.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18w5l2p.g265.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ld234f.arf0p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ld234f.arf0p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-984sk9.w36ok.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-984sk9.w36ok.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rusa38.pehuc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rusa38.pehuc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nx5o9y.n075.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ord9lf.twyz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nx5o9y.n075.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ord9lf.twyz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18kp7bw.bit9.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-12gnpb6.il0n.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18kp7bw.bit9.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-12gnpb6.il0n.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h7n224.zh4cf.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1738w2l.5q3o.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h7n224.zh4cf.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1738w2l.5q3o.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-oexq7b.wy33c.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c7k41.raaq9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-oexq7b.wy33c.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c7k41.raaq9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-l0kz02.5lnu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-l0kz02.5lnu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-126s8em.mgvh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-126s8em.mgvh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-jwglxo.aqh2j.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-jwglxo.aqh2j.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16liai8.8k2h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16liai8.8k2h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-tf80h5.ffue.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-tf80h5.ffue.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17dn5k0.pty4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17dn5k0.pty4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fupaqi.h03c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fupaqi.h03c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rjpymk.zgg88.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rjpymk.zgg88.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-43zpnz.y6ehq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-43zpnz.y6ehq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-nbdoxg.4k4b.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-11roome.k7as.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-nbdoxg.4k4b.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-11roome.k7as.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-152m2z5.4mq0i.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1pr0why.64bkg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-152m2z5.4mq0i.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1pr0why.64bkg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-jeahpb.rsw28.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7y7bk.idms.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-jeahpb.rsw28.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7y7bk.idms.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1eeo196.szu6.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1407hf7.9j1m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1eeo196.szu6.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1407hf7.9j1m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wc02aw.imcc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wc02aw.imcc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a6lt2.96le.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a6lt2.96le.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1prpent.4wnb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1prpent.4wnb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14au2ev.tjrk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14au2ev.tjrk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bx2rpj.5hpo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bx2rpj.5hpo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wxssr0.y43dj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wxssr0.y43dj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bb5e65.k8is.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bb5e65.k8is.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16s8o0i.ju8h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16s8o0i.ju8h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-bvui45.sqc4q.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-bvui45.sqc4q.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i09exh.rto.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i09exh.rto.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-x0b563.00mqj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-x0b563.00mqj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18zam99.m5dz.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18zam99.m5dz.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c6ke7n.lkh6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c6ke7n.lkh6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1065m3g.szws.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1065m3g.szws.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1l43eth.cl0g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1l43eth.cl0g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ik3dp7.tj91e.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ik3dp7.tj91e.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-6psrvz.07ex9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-6psrvz.07ex9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18vn5rr.teoji.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18vn5rr.teoji.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1j6y9kv.rb9h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1j6y9kv.rb9h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-101pxam.hthk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-101pxam.hthk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1rvmw5f.g3yr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1rvmw5f.g3yr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-2g961r.28ci9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-2g961r.28ci9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-qc1opt.1nv0b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-qc1opt.1nv0b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-101ur3k.n2j4.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-101ur3k.n2j4.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyaxjk.1g67h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyaxjk.1g67h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwpqgs.y7z9m.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwpqgs.y7z9m.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g1hw7k.700v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g1hw7k.700v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-13l1fok.dkwk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-13l1fok.dkwk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-xdk9ln.vaa.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-xdk9ln.vaa.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-164p2gz.fo4v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-164p2gz.fo4v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1991foa.33z3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1991foa.33z3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-97q0j0.wqs3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-97q0j0.wqs3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gid85b.rzfh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gid85b.rzfh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17parr8.wml7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17parr8.wml7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18wzk77.931y.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18wzk77.931y.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-9vnscg.yqbnn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-9vnscg.yqbnn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c86nvk.bwl2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c86nvk.bwl2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-9envj4.chdsw.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-9envj4.chdsw.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ok1x2i.f6s1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ok1x2i.f6s1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rgb9dk.6n25g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rgb9dk.6n25g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mvbnq5.pu7k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mvbnq5.pu7k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-d2ukhg.y6vo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-d2ukhg.y6vo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1edu55q.8kqd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1edu55q.8kqd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-m2qgtn.akaqb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-m2qgtn.akaqb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-k1ogo5.g3jpj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-k1ogo5.g3jpj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-nc763s.e7ruh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-nc763s.e7ruh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-kttl0v.ej5k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-kttl0v.ej5k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iy52gj.1nnd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iy52gj.1nnd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-159en90.ctjg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-159en90.ctjg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5hgbcz.xuz1t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5hgbcz.xuz1t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-umynkj.7cmm.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-umynkj.7cmm.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1vj1z.x7n9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1vj1z.x7n9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-htbwcy.1tgj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-htbwcy.1tgj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-93qmfh.9mw3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-93qmfh.9mw3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-nda1d6.imn5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-nda1d6.imn5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ih22jx.rletp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ih22jx.rletp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g88bs.6ifka.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g88bs.6ifka.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-h90d10.1mtt7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-h90d10.1mtt7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-6zaf5x.g1bpi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-6zaf5x.g1bpi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wtw05b.52tp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wtw05b.52tp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1k3ozfb.358h.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1k3ozfb.358h.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-er1u6n.2lrjh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-er1u6n.2lrjh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vu1jbr.rnkag.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vu1jbr.rnkag.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-15rscs0.q2dx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-15rscs0.q2dx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-yqeukg.ore0k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-yqeukg.ore0k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsicvb.ki4v.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsicvb.ki4v.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ph7mt9.6qta.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ph7mt9.6qta.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tr2gww.i2ew.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tr2gww.i2ew.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-vavvkg.yj77.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-vavvkg.yj77.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fjbbyk.5pdo.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fjbbyk.5pdo.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-3oekjt.chbue.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-3oekjt.chbue.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17c25w2.n3zij.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17c25w2.n3zij.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1biz8mt.af5bk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1biz8mt.af5bk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-c3eant.i8kfq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-c3eant.i8kfq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-doetzb.1hx98.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-doetzb.1hx98.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1u6dqll.q4i7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1u6dqll.q4i7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-masqhs.5sg5i.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-masqhs.5sg5i.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-r6oxj3.ak63p.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-r6oxj3.ak63p.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-n17lc6.b7iu.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-n17lc6.b7iu.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-mkkc7c.91oyh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-mkkc7c.91oyh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bltpw4.kp8cj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bltpw4.kp8cj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsd3lx.ck747.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsd3lx.ck747.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwbpio.zklgp.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwbpio.zklgp.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-4f773c.8ahgb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-4f773c.8ahgb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5o3k73.5z2tl.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5o3k73.5z2tl.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-10xwjsu.h7y0l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-10xwjsu.h7y0l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ar1mk0.wbiec.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ar1mk0.wbiec.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-fv49bq.dsb3.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-fv49bq.dsb3.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5nrk7s.wvw7c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5nrk7s.wvw7c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17pkc4i.j204.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17pkc4i.j204.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mg43hz.kete.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mg43hz.kete.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gkz9wq.uqkpi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gkz9wq.uqkpi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-h4e562.mqtx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-h4e562.mqtx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jb1shv.9tf9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jb1shv.9tf9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16jj7bc.ebq8.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16jj7bc.ebq8.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gyb93b.8jkks.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gyb93b.8jkks.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-816bn6.g32r9.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-816bn6.g32r9.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kct2hi.xfy5.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kct2hi.xfy5.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-soxlya.26jq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-soxlya.26jq.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5vav77.nkobq.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5vav77.nkobq.jpg"

C:\Users\Admin\AppData\Local\Temp\Node-js.exe

"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1640,15988592063297420386,14195150436517721813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jwdzlj.g0kx.jpg" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn5we3.1mrzj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jwdzlj.g0kx.jpg"

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn5we3.1mrzj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1it1gnw.a5bt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1it1gnw.a5bt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-okhygp.qzyxk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-okhygp.qzyxk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-lfgnfl.dxtmc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-lfgnfl.dxtmc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-13a06k1.fvb1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-13a06k1.fvb1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16zhrjp.osoag.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16zhrjp.osoag.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gjp8wq.i88k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gjp8wq.i88k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jr31sk.95mzg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jr31sk.95mzg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1r5ol5u.ufls.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1r5ol5u.ufls.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mijgtw.c4nx.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mijgtw.c4nx.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-181envk.yw22f.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-181envk.yw22f.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1t4hbny.twes.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1t4hbny.twes.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gxeoba.md5w.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gxeoba.md5w.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18j2fhl.33qi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18j2fhl.33qi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-udkw6g.jpm7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-udkw6g.jpm7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kkb7da.pr4t.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kkb7da.pr4t.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nl5d5t.svj2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nl5d5t.svj2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1974ghs.xzfi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1974ghs.xzfi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-k2rxix.zuru.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-k2rxix.zuru.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h26krw.1eql.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h26krw.1eql.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14g9uv.ulzmt.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14g9uv.ulzmt.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hoe9dh.ime2.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hoe9dh.ime2.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gzy12t.yp87.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gzy12t.yp87.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-4x2qcg.lvd9b.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-4x2qcg.lvd9b.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-13ya8r.k3jqfi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-13ya8r.k3jqfi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1931u1t.fxeb.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1931u1t.fxeb.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-4571pb.unrj.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-4571pb.unrj.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bcnuh9.ge46l.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bcnuh9.ge46l.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aipkw8.v0nfg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aipkw8.v0nfg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17a9yjn.0d15g.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17a9yjn.0d15g.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-b53q5k.3zdad.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-b53q5k.3zdad.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a1yde.rqh1.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a1yde.rqh1.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-3vkrj7.7o71c.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-3vkrj7.7o71c.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csoy26.rq3gk.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csoy26.rq3gk.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1st7yc8.e8d6.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1st7yc8.e8d6.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn1amn.76p4k.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn1amn.76p4k.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gmg7bj.2gqi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gmg7bj.2gqi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1qjj2j4.v1zg.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1qjj2j4.v1zg.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ammp6e.46c7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ammp6e.46c7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-lvltsk.zsoi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-lvltsk.zsoi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-mit6k4.gmmr.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-mit6k4.gmmr.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-3ioxlz.psu44.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-3ioxlz.psu44.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1efjbv5.i8lc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1efjbv5.i8lc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iihipn.5wdc.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iihipn.5wdc.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kul7t.2zgrhh.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kul7t.2zgrhh.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tzq3bt.8xqd.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tzq3bt.8xqd.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hox4r8.sfdf.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hox4r8.sfdf.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-2oq7v0.yghfn.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-2oq7v0.yghfn.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-19m1u55.lzu7.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-19m1u55.lzu7.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kzoq0y.c1te.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kzoq0y.c1te.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7kcx8.8ssi.jpg" "

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7kcx8.8ssi.jpg"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1x019sj.nic2.jpg" "

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 panelweb.equi-hosting.fr udp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 172.67.176.119:443 panelweb.equi-hosting.fr tcp
US 8.8.8.8:53 whoevenareyou.equi-hosting.fr udp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 119.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 54.40.21.104.in-addr.arpa udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 172.67.176.119:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp
US 104.21.40.54:443 whoevenareyou.equi-hosting.fr tcp

Files

C:\Users\Admin\AppData\Local\Temp\ee2d78e7-8cbb-45ab-8ca2-c0f42c0f3c40.tmp.node

MD5 8982448cb4f28b82876befe6e8af25d1
SHA1 4d3b2fb5b42fc27c1ac9363003abc16ada188581
SHA256 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38
SHA512 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b

memory/2964-6-0x00007FFE76180000-0x00007FFE76181000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\03c91d8d-e645-4035-ac3f-04174885245b.tmp.node

MD5 30af610789f7032760077d9c1197d0f3
SHA1 b57027046f9c7b3d4cda0aef5c8baa334b6fc339
SHA256 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722
SHA512 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

MD5 dec2be4f1ec3592cea668aa279e7cc9b
SHA1 327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA512 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

MD5 810ae82f863a5ffae14d3b3944252a4e
SHA1 5393e27113753191436b14f0cafa8acabcfe6b2a
SHA256 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA512 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97E0769C437E403BB6AC9E80CDA8CD26.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RESBC0C.tmp

MD5 0543eee5312c838aa500c77ab7a88529
SHA1 588e5b8923a48010a8b823b626b82a2701d3b3c3
SHA256 8ff5a43e4a7547986d31471e11690fa79ff2c965c14bf4476503efcd19647d81
SHA512 a506850c3ba5a49b6d887a24fb32c45695a54198bd657cd6d3674d4ce8304f31173f63b4140ebf1502df9d69ea0b7f85833a6c665060a201afba01fc17e5439e

C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

MD5 33448cb484144d9077b9e9bc3ebe0014
SHA1 0321c7db7114bab8ed36dbcf150955745281150d
SHA256 a62224a21aa8c4b70b6d0862239f88102c98e78889e8e0c40a2f82d40ccae1da
SHA512 158e8a3998802bafa30318c4ebda99a3be236bcc609fe30000bd4ac68bf29acdb7a933cfd7491f93cde5ab79f7e81ee2c73231f68ec3fc7cecf63b070532593e

memory/4992-88-0x0000000000C80000-0x0000000000C8A000-memory.dmp

memory/1792-89-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4992-90-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log

MD5 f3ac7a0e31b9af1b495241eff29915ad
SHA1 286fe23eba741cd3fca3f3e9a919021946655392
SHA256 f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512 b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210

memory/1792-98-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2080-99-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4992-103-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4060-104-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2080-107-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1192-102-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1192-115-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\202438-2012-14tdgzx.l2t7l.jpg

MD5 de3b4935325b649bacc1aa2995e25170
SHA1 76e476ce1ca6e76cb1886996ca2ed241644308c7
SHA256 1032512cd6c1684a653e4321ba85f632cc39bcffa1ec14ed051e4d09751dbe8e
SHA512 5deb88be1c4dad6b9f27fd7ce5fadeb13d04378c02d51c3a615a41fed730d3aaf3835b311bac474d3332c9cb5652fc5344a3b497c917471e3707b3becfea7b51

memory/4060-112-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2964-124-0x0000025C96CC0000-0x0000025C97015000-memory.dmp

memory/2740-134-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1520-135-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1932-136-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1932-163-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/5052-166-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/5052-178-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3576-175-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3576-162-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1520-160-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4596-154-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3440-153-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2740-152-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1840-148-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1144-149-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2396-201-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2512-206-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4900-214-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2736-215-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2660-213-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1632-207-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyazbx.rqmoj.jpg

MD5 05d18d3fcd567b5ea2a8c999d12da170
SHA1 9b99ddc8417d427cbbaa548a6a050e9964056b1e
SHA256 a1fb36000f9ad0e1ebd930b57df641a21730a844aea60fd6c3d3a40b33daeceb
SHA512 a912c8bd9e705733de2ce462ec05ff4396e89eb5dd3352a409f87c9df511df3e16940f42ce3406ee655e692bf5ff280a40c02274146f97576dececc984f051ce

memory/2972-235-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4264-237-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3884-242-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3884-245-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2744-251-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2744-254-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2972-217-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3772-210-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/808-266-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3276-273-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1860-276-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2920-275-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1840-280-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4456-281-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3780-277-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2548-286-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3380-293-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3380-297-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1520-296-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2548-292-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/4456-291-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1520-307-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2676-321-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3840-328-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1228-329-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/452-325-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1228-331-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2948-330-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2728-324-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1904-323-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/5036-322-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/3840-320-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/1864-306-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp

memory/2964-536-0x0000025C96CC0000-0x0000025C97015000-memory.dmp

memory/2736-720-0x00007FFE76180000-0x00007FFE764D5000-memory.dmp

memory/4836-1014-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1013-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1010-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1021-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1022-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1024-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1029-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1031-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1033-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/4836-1026-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp

memory/2964-1117-0x0000025C96CC0000-0x0000025C97015000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240221-en

Max time kernel

121s

Max time network

128s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win7-20240221-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f11261ad89da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000ad35ca625be7f2b2a6acbd8faf1ac8c418682d7b75e791fa1a5aa32f32d9d3f7000000000e8000000002000020000000f007a2eaa5a3f3c0067edee33a21af76b00e3ad9f3e5b92455b6c9a1485b3be120000000dc49a33cd1c140bfcb55dcdb7194dd67dc3131a16dd1af1823cd6318ae8a95a540000000954e6a4ee782e026a43f3d54d23031ae41dab6daf9d8a273ace26bcfef94c9bbd18ebe6090811eb437d35bb0ce5e57eb8603f52f5398436a6cf3360570083cd1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B990591-F5A0-11EE-AFF6-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418739907" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f9bb547b358787d6970b60ea8b92c617e7f0714904e2b955305baf8b5a0e3e94000000000e80000000020000200000007d8a8447403804490fb7ef70510bb55288026a0fd290516b8eb7f9d334038e2f9000000063255b03c17b3fe15749723f1795ea54068bd184c25a95da22fa5049ed37cc0b127e72e400ec9ed6e4ac1c3c59bf4d54db4dfc87fe0a1d3936f390329db45af0efa5b683fce27517d01c6115a850dc5c264efc7eabe63697e3a999a0af2f830b66dc2fa05dacc0090ba580c9997852379b1352cf93495b35e12c1bd87621892b54ff9de6111f7d3ef6965913eb4ecbb94000000047cded87f65609cf9dbe43b267eba4f74bc764280859c907cfc726be9bd7117e99e02b7f18c81fe4b6213d93b033d197d14e70e60a8b69603d280358d186e277 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabE716.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\CabE832.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8263204afd609f5d9cf1d21957ffdbe5
SHA1 00d349ae9f7f1c12577d0229abefbb7ebec4cb03
SHA256 66cdafeb4f455101e2f500937367b2d59540ddf20ee7a50f1520a5b6203c85c9
SHA512 98e833926fb151e42353c7fa75f3a09c9561d154508b6fa2f865e579774fcc9f26563a2e89c6ad955f35f2bdd9397e2e8d6dfc1abedc91799a72bcc9e62d4c69

C:\Users\Admin\AppData\Local\Temp\TarE866.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f23982277fd1e87579cfe2d9e8a3aeab
SHA1 247c2139c0f0a11f07ba8ea9aed31123a7ff3391
SHA256 bf4abc55c3e1e112c5366c23fbb43e9ff250c1515e3a3c0ad8a0942c9a861bd1
SHA512 40dec6d203c06f9f517ea74cd50031f80b7f2555660656b40ccef3411cfd53b13f3fe3748cb85a6c9d0077e2533beef205e4f4c0c1c2d0b2d9588f456414d608

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52c798bb098f190c7e64abf2503832bd
SHA1 b8f0e60e007335d7425b221d479c935814845b7d
SHA256 a47530b075f194ee35b32dc841f15c75a36f80a23ae8d664d09e14d4648914df
SHA512 d30accda637442af72fb88f2325245f2557ead6bf69b3072dc06dc083d1e9920e4369df30898ee38f6767117d9696b20434daff11bbaabc303f7c690443005bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bc661805de9018e347eba06c022c480
SHA1 f61c348739024a20b3dc88c40b5d1af94cfc6aaa
SHA256 2503adbface2b7e3cb25cbd3ae11a672786109e01ea933b386cb221f7f120a7b
SHA512 69e24e58d63f9cd93e6b17e85f998ed05f86977a1cfa73e6641b0ed3fe5f6a26aa68220e83e7bdd755c0d997cf48068f0bd5a339085725ff82fa7e78034a773c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 298d3dea29dc461dade60ac941bb090f
SHA1 ace632e45ca979a388eb0d9ba3cdf62e2114d37d
SHA256 be2bbb6f37c27c6a8256eccb9795ea092edbc22af4e9784155e32ca2e5e7579d
SHA512 12613c46e40537876c0eaf5ef2257a36da8752221d60d9b0534525c329343c2a52d253bbb07192b2c825157f8349cdcfef7f95401f2e7e6323d9058d481406d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bb6885447e80eba80cde8e0a9a70adf
SHA1 dd055f5ffb88b8195d51d8077169a62d3cbbb41a
SHA256 759c545d3efa11e946dcf8d7eb55a6f2dcc31521d142e87076599b9cfed31b85
SHA512 57a0821c4d8b73020d41f46113b1263292f610e20c6b0907737ec621b76d32b9c303177a0e2517ce60fef6b02a9471a45fbd29803a4f43e03e8499a9c64ad261

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d3bdc7e62cb2cd3e97aca900914e36c
SHA1 f5c678fd8b1f39fcc38ba068c057cece5a42bca4
SHA256 5f450941728efc270f4a6555d091dd9ff5c6f5566c30669285f55c84db940e55
SHA512 2cd9f6c93cf46b64dcfc8f31c959d07c5b1743a0c50767fe4deea89ef5cd5b26bb9298cf06cf50b41ce45d74d20da8c90a163d96bd54a92c39d19f0b7b840b4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16d276779c532db502bd1e4cf659cee0
SHA1 4c5b38c35384b7fe31238fc609caf38ef5341ced
SHA256 2348f04e623f1f376e493205de3f3ebebba3a7e51456de973ff9fc14b904ff85
SHA512 3c96c9cd9906d35b708c3f165b5b717d2ebe5a5c437f896b1d74e017475d9cc86b33932eedf1dbb1cd05bbd4241ae9f73fa287549ddd0a803997d3c1df58fd72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9df248d3ead5731f321a2eaaf5682bd
SHA1 51bf85d10081f693d35f336bf99af756996e2eac
SHA256 c64b993c2e647c1307bf557836735c4cc6090e923a1f4a5e7a76268e1b2db43a
SHA512 1fee78c48e78afde194cfdcebb4f66ffd1dbd925c614f181a9ae647c76d4d6422050a7b15148011990a69ad09c53eb5f2a3ed81b3d4d0ef11751d515ba6ad837

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 722f6ef0c656feee78869253659a1b05
SHA1 4ea43271d7f826d4934183f05c85ae4aa1d6fe15
SHA256 96f6ff19969218375739a833ff66013aa43f68ea29c45d4176bb09ed4dc777ae
SHA512 36123ba76360370a9a9ae8fa9e9152e4681ad854c6b0f0a236e29011458d35aed6c990567849933189244a873ccfd31d7de7d50d8c08a21b69e9684c8ec5698c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 667113888746866f88cd58380a2932fc
SHA1 5eff54498db4ba11eac6eab1a3b6e3a856f6726c
SHA256 65379566ecfa35ee5f2e0e12f8999290e59764ad95401a81b9473872e4abdeb6
SHA512 a3fc2d3a5ad04a84b1645d49124a6855aa25aa27fd0b32df17e332351d07e3476e3c8cc3cc2ca39888d22ebf37658099e917572c13d60ad9cde0164476ced299

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 536ddf53c3d4a2ad1d3ae7b9910aa308
SHA1 cf8e781f65f86f6a2fda2d5c841f215d2a51f576
SHA256 c71c4d56a389998477b09683940e8452f2dbc7748cbfe716de797c7ee5ec465c
SHA512 dc01f6fb6be74088edd3d02fb836a8bcf55cb105c13aa1bd80be8c75f9c2850db665c2caaf51d10485aee40ba82c10ad54c49e2da0a3372f88f92e9d17bbe958

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c90a77a95a61cd1ea0b37f0db47fa81d
SHA1 cdf1c30eec6503c4898e67e2c5a02c7437a04cee
SHA256 68c0844d20553e89e6f308d56c352c11f3de53f5383ba46f414ede7d0147044e
SHA512 d9ea24ab0d046a63557d1e34443ff01677b0728920c3cf267e86af3ecd6927e8b3b9d541aa06613fb87ae49f04a23ec0036730dc3af4e96275a97ec6157708df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a799e0c9a2fd3299771bfbfe5065fbca
SHA1 ae2fa948b0bb787e7cb0e9035dfe1b19b28d0415
SHA256 b33ed6a5736bbb2f1543583b9ada0425d798acc95aa12bbf86bf645a6a3db548
SHA512 dc9c7c4a8dffe46eccac0edccba9f97010a59db5bb1a117a693fea937d47c18c30bad7610344377be517e13330f8be53a59fe9ada6874d9ce3aa1ef1c3f04b1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b1d0430168a4a7fe3492664f1b5891a
SHA1 eb9af0fdb89559da8d9d3a7147829798024fc39f
SHA256 fab28e077a5fec4f340a31d468c241d162e4aecb190797fc965d0d7496b02e6c
SHA512 9ac044059f6148f3fd0cd18fdc2d1ba38649351127476662a0f0e5f753adb42b409bca88dc95cbd87839a415870cddc792821b5426f967e4fc3c0d0f945158f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29130adff8f2f0727441ec9bd677a0a0
SHA1 5fe8b14ba6c4268118e5a4cd8245777683b54822
SHA256 61b9bfcc2b18b93c99518a6c2ded7ebc3ab178e3f506663564a3f496246e2141
SHA512 489bf185262010fe61d6bb74c1f16cd3ecd86a5fa073ecdeafb8209d4d73fd28541701d366f68c1e6f7189b5f2f02ea3dcd9bc64967e2713ef587c3c0f6ede0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2392a7647fb685b803c3907dcaef291
SHA1 e30b3451df3e9c23655947ef7d4d0589c72f5d2a
SHA256 d9889f57c4acf1247ec6d4998cf255d7d4c488b985413a626780864a8ebed31b
SHA512 d97c56eea99cef8e949f6a4336a34c1505ee50929acf9d1b5be9a550693c5d9a010a191719e0033115d2d9f2170ab36189a65afe09748802cd532b53a4669c8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23ad7801f16a2094fcee8cf741e10cf0
SHA1 9052ec7a2f154732ed914db22da6fbcb3632300a
SHA256 f3f9362bc92a7c45fa366e9ed14fc72396c255dab453d263c8ec2eb9123772d0
SHA512 a33dcc20899a4b30cbd5e19cc92935395c522e347e2e1795d277fa7c4f7c8096a3f02b14f9e60c4be427d312b0590fd48fab462a15adc2d59d794d7bdf50116b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e1ef417fced7f6dc280a7605ae0c3b5
SHA1 c5a1e958ffcc4d05a665b0bb9bb7a3c0205e7f70
SHA256 47e44254f70b296e725277772d6d8c5ea408ce84e6e5c60926acffebd898c926
SHA512 ff0d333353c89e04449b2b6aea3f9b6317d3353fbf893f677268e30603628927dec00f07a1051e44871525ce67a9caa36e0a8c04255d3ab3fb7ae7758442af0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58dc807019108532e09f4d98d31b5911
SHA1 d5d04af9c563d98ce9f949506bf12c12c8eff900
SHA256 2debdc5856801cc0d2ae06f09c3778bfa309efd682db8e187177e6b646960dae
SHA512 58395d834e8ac0ea9724f68cbdfda9310473fdba56ef6525df4416b4ff7016b0f9921e5aa80974a64f2ea90afd842089c4ce44ab0fa3c403f5fcc23732426e80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 717580fd296f55e2d59267e97b0178c7
SHA1 8a8d64db3e5df16ad004cf893bf2b78db55077d6
SHA256 c81292cfe3f9f724eec54c22e5af00df3ecbf50f9a714e0f972c714a739d334f
SHA512 a8e3867b81b581549dc12521f26234932a502bfabcb5addc0ba770116689543a673edcc345b9b58a443e84fdbf76901a7edf0b30ba4a714ed33043970b14d0c5

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

145s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1912 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa47b46f8,0x7fffa47b4708,0x7fffa47b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1eb86108cb8f5a956fdf48efbd5d06fe
SHA1 7b2b299f753798e4891df2d9cbf30f94b39ef924
SHA256 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512 e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

\??\pipe\LOCAL\crashpad_1912_VXFFVHYUNKSILNOB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f35bb0615bb9816f562b83304e456294
SHA1 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA256 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512 db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0432eaece6e400331810770ea0f8fb68
SHA1 e54a72a772a24c41ac9fda05e06c3754ca80afea
SHA256 fa8cfd1917ea8a5b310cd8d24ae6d4a38f829a1604f8343141fe609931d28ef1
SHA512 979f3930fd00e1e752866516c405360634a70675823403f0fe12eb40d1c3277ac17935bf3b7345c4b8b57d011ba8428c7cc73b888612f5a405e74fda349314d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 192126fc59786728b9f22afbe1f04b7b
SHA1 ec2174d16ac2c78b5fd6eb7fd414db7a5c8d821f
SHA256 f51237785bc87db80ab3beb02ec24e402f70facc355f5ca8e7ab762e5d291e84
SHA512 4c9cea4d0bf4c7db4cb446b7586fa40df463f93b5e80ee7b106adf49c820e8aac5e0506c140de0aa455c723ebdfe5ba7e6417ec7a241229dfe281438a7090b29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e03fe1ba1a7c26f1c1e4468a8d95568d
SHA1 40da821bed68769eb67ccb80bfe2abf6b07a1aae
SHA256 e0bf5747bfc6792573f897a4f0022030add35f25802b49a0aa43b938dfe8ee5c
SHA512 1cba5df662e8ba03831b5a08f6703984aa880e3eef86aae2472a51c6229776566575791e227e9185d8f22ef4d87a9ff5b9cda0a2a38a30f38eec5aa912c711ef

Analysis: behavioral22

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win7-20240221-en

Max time kernel

123s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20231129-en

Max time kernel

118s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

160s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240221-en

Max time kernel

120s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240221-en

Max time kernel

120s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2380 wrote to memory of 2008 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2380 wrote to memory of 2008 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2380 wrote to memory of 2008 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2380 -s 88

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win7-20240221-en

Max time kernel

122s

Max time network

133s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 1940 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2492 wrote to memory of 1940 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2492 wrote to memory of 1940 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2492 -s 92

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win7-20240221-en

Max time kernel

118s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240221-en

Max time kernel

122s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:09

Platform

win10v2004-20240319-en

Max time kernel

139s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=744 --field-trial-handle=2256,i,16750283575152780128,2524258836761969159,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
GB 13.105.221.16:443 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 195.98.74.40.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240220-en

Max time kernel

118s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

148s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1944 wrote to memory of 4476 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1944 wrote to memory of 4476 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1944 wrote to memory of 4476 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4476 -ip 4476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win7-20240220-en

Max time kernel

120s

Max time network

125s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2292 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2292 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2292 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 2292 wrote to memory of 1228 N/A C:\Windows\system32\cmd.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 1228 wrote to memory of 1296 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1228 wrote to memory of 1296 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1228 wrote to memory of 1296 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1228 wrote to memory of 1296 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2292 wrote to memory of 3012 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
PID 2292 wrote to memory of 3012 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
PID 2292 wrote to memory of 3012 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D12.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCA52054C96B4A4A44A14A92861825FAF3.TMP"

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

screenCapture_1.3.2.exe

Network

N/A

Files

\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCA52054C96B4A4A44A14A92861825FAF3.TMP

MD5 a6f2d21624678f54a2abed46e9f3ab17
SHA1 a2a6f07684c79719007d434cbd1cd2164565734a
SHA256 ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA512 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

C:\Users\Admin\AppData\Local\Temp\RES1D12.tmp

MD5 feb3210e3365380763e2addf877c8c55
SHA1 4324ec12171829bba6458f2b12ccd4cf66d23ec7
SHA256 6c146971cf4e631415c1b3bd067f967ebe6194f9a623212ad814128bee5a9ab4
SHA512 e28bd4ca6edf8e7afbcf6c9749bef07d284019df7c6e61f9c4ff4048e626ff3073dbb9770ec9e908494ad8bb076b1f08a788c2edc04fba1355db7bc4beee937d

C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

MD5 1a182ccbfff3be024d3f71f8c0bc2484
SHA1 b0a9e509fa0d7bbcaf07415841a6b4cdd68f982c
SHA256 c798a0a136c304741c6b0dd207dd44f92decd31743f3da7c68ddf2ad8e323b6b
SHA512 73ade6e9160dbf5562c1d156831c5440d402e945ef554d4c22fec8ba33e0cd8fac7b11c7f68d161da752c1255587e8b4cbcc6cf22b0f86af1b6946361371ba1c

memory/3012-8-0x0000000000380000-0x000000000038A000-memory.dmp

memory/3012-9-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp

memory/3012-10-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-04-08 12:04

Reported

2024-04-08 12:08

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 146.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
IE 52.111.236.23:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A