Analysis Overview
SHA256
79ae38d3832ab7d48543039eff6078538465eb83d8fbb124db2e319295ab5e68
Threat Level: Known bad
The file Node-js.exe was found to be: Known bad.
Malicious Activity Summary
Epsilon Stealer
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Adds Run key to start application
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates processes with tasklist
Modifies Internet Explorer settings
Detects videocard installed
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 12:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral19
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20231215-en
Max time kernel
91s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
121s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Epsilon Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" | C:\Windows\system32\reg.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=2080 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-3gae49.9t45r.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES753F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC505355FEFCDB4D6AB2A43534D708270.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES75CC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC744C3DDCD4C544518E7AC87140573CE4.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15d7wam.zu2aj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15d7wam.zu2aj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c0yfe1.vx5n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c0yfe1.vx5n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ckz9a.7zc4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ckz9a.7zc4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-zpkorb.fxmo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-zpkorb.fxmo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1geqkqe.lnej.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1geqkqe.lnej.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jmx90q.nr5p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jmx90q.nr5p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13409v6.54ra.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13409v6.54ra.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ur7wba.bt3r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ur7wba.bt3r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ayp28c.d4u1k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ayp28c.d4u1k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8eddbj.8h8u7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8eddbj.8h8u7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fnkkco.udugi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fnkkco.udugi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15v46sm.41avl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15v46sm.41avl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12oxt1s.g0fg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-52aez.5m6kc3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12oxt1s.g0fg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-52aez.5m6kc3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1td0m2p.rwzvg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1td0m2p.rwzvg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15y4c8p.hiwh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-h9kccm.1mn6j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15y4c8p.hiwh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-h9kccm.1mn6j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wspw3i.t3pk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-twgn5x.3siir.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wspw3i.t3pk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-twgn5x.3siir.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-nns49f.vwhp.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-hb7ria.sydpa.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-hb7ria.sydpa.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-nns49f.vwhp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-krpxdw.y1xdl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-krpxdw.y1xdl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-vp8u8e.zxxyl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-vp8u8e.zxxyl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xbe83n.kobv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xbe83n.kobv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12h6c5f.hgn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12h6c5f.hgn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u1jhob.yo13.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u1jhob.yo13.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ey82.6bk31.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ey82.6bk31.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-w860cg.eo7pp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-w860cg.eo7pp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jmjogk.rh6sc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jmjogk.rh6sc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p4wtzy.m9cek.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p4wtzy.m9cek.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fqx9hd.ttnn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fqx9hd.ttnn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rg1uyt.zy3g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rg1uyt.zy3g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-qt8n7i.34yjj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-qt8n7i.34yjj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-14p4i7i.ats8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-14p4i7i.ats8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sck1m1.a6t2l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sck1m1.a6t2l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dycvbi.lmsc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dycvbi.lmsc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18cs97c.gkmi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18cs97c.gkmi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-668pko.d2vdw.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-668pko.d2vdw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-9swaxi.direq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-9swaxi.direq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-3asdq6.4hyec.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-3asdq6.4hyec.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e3f0vt.gstl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e3f0vt.gstl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19ngp4o.t47l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19ngp4o.t47l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1oc9xg3.yih4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1oc9xg3.yih4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-igkcxr.y1k9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-igkcxr.y1k9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cp68a1.w9s4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cp68a1.w9s4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-135ioqp.6pzn.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-135ioqp.6pzn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cajjfe.5gd3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cajjfe.5gd3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-a83ocw.kyeq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-a83ocw.kyeq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-188m6gc.b68tl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-188m6gc.b68tl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1dnisk3.qu7rk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1dnisk3.qu7rk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d9yrll.8epui.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d9yrll.8epui.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13gfggr.p116.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13gfggr.p116.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k4pdd8.r6t7k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k4pdd8.r6t7k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fhxmg8.9y6bk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fhxmg8.9y6bk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16n60uh.b4xcg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16n60uh.b4xcg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18q6fxb.ozze.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18q6fxb.ozze.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ly3wj.5btj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16ly3wj.5btj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tu43os.sgp9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tu43os.sgp9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-xkixw9.c3mxl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-xkixw9.c3mxl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-tcrpx5.w020t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-tcrpx5.w020t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gospy3.5e5vt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gospy3.5e5vt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1puoxef.1k3e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1puoxef.1k3e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mugz8u.orvy.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mugz8u.orvy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jf2jrv.jx4d.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jf2jrv.jx4d.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ioxw2q.wja8.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ioxw2q.wja8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ot4w7.dmk8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11ot4w7.dmk8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13kchp1.5g0y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13kchp1.5g0y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-caym2z.60lde.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-caym2z.60lde.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-doehpk.33mue.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-doehpk.33mue.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-isdigu.ao38n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-isdigu.ao38n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ii7ae9.mawif.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ii7ae9.mawif.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10isx6u.a6g6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10isx6u.a6g6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nn6be8.t243.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nn6be8.t243.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-m6a7ue.hhv6b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-m6a7ue.hhv6b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ts3nxh.kx3n8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ts3nxh.kx3n8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fkl6pn.rgsn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fkl6pn.rgsn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-6asebt.hmn23.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-6asebt.hmn23.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f8whtc.owkz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f8whtc.owkz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-mbuk1p.zqyke.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-mbuk1p.zqyke.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-x7yx4v.vi9e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-x7yx4v.vi9e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t96niy.uv5x.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t96niy.uv5x.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13rwf8o.lziz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13rwf8o.lziz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2dtpz.eoso.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2dtpz.eoso.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fb9gcv.c703b.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fb9gcv.c703b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-68vfpa.w57cb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-68vfpa.w57cb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cyn31g.jjspk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cyn31g.jjspk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fpvwhp.n7n9i.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fpvwhp.n7n9i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-skaehp.924cp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-skaehp.924cp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xqwhk.p5pu.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xqwhk.p5pu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1msl9nm.7tzb.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1msl9nm.7tzb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1b93k55.b0cr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1b93k55.b0cr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qpsju9.l5xe.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qpsju9.l5xe.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-scnvi5.edrk.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-scnvi5.edrk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10s7hfm.ewil.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10s7hfm.ewil.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d6q4rs.y9b2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d6q4rs.y9b2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fuwobj.dsw8.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1fuwobj.dsw8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qlhsyd.g71g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qlhsyd.g71g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18b6vey.m32v.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18b6vey.m32v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-qlxmpw.m3q8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-qlxmpw.m3q8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m5opic.m4xv.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m5opic.m4xv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-m35p50.t2v68.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-m35p50.t2v68.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c8u5bc.r67a.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1c8u5bc.r67a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bf55ef.ngazr.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bf55ef.ngazr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bp0j1a.v2omf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bp0j1a.v2omf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sjjsuw.4sjjf.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sjjsuw.4sjjf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-hnjjej.6rh6b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-hnjjej.6rh6b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jqge9s.rdzc.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1jqge9s.rdzc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ex9f2e.f7ov.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ex9f2e.f7ov.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-l9kov.fk863l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-l9kov.fk863l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ppvtg4.6r0i.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ppvtg4.6r0i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yn82me.loig.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yn82me.loig.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ohdl9v.6n7j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ohdl9v.6n7j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11t4ehr.a23q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11t4ehr.a23q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p6i4v0.i23v.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p6i4v0.i23v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xf8x0.h1ex.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19xf8x0.h1ex.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-k06pgk.radg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-k06pgk.radg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-y62cdq.gsl9c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-y62cdq.gsl9c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-85df19.ro86m.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-85df19.ro86m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-wqqwpt.y9rh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-wqqwpt.y9rh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-btp3t0.isdaa.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-btp3t0.isdaa.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1leucyt.xg2o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1leucyt.xg2o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ocplk8.dxun.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ocplk8.dxun.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-86awi1.p30j6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-86awi1.p30j6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1swq8uf.pzjv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1swq8uf.pzjv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p2d26q.3l14.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1p2d26q.3l14.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-iitlnz.grigl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-iitlnz.grigl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19i7dyu.o0sz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19i7dyu.o0sz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-17s92if.3rv1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-17s92if.3rv1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1kgi1uu.f82vk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1kgi1uu.f82vk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wgid6p.3vqp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wgid6p.3vqp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-scz54o.xfsr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-scz54o.xfsr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gli3q3.7wae.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gli3q3.7wae.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-wsis7w.2t6k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-wsis7w.2t6k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18kft1z.8udwl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18kft1z.8udwl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-158ri4l.cd1g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-158ri4l.cd1g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16du1qy.jjyy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16du1qy.jjyy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xz34rl.nvx3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xz34rl.nvx3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-i1cfgs.w4hpo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-i1cfgs.w4hpo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-5zrdci.bzil6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-5zrdci.bzil6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sm1t2x.jjuo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1sm1t2x.jjuo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-z3houf.gddg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-z3houf.gddg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1aknqlf.y3pi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1aknqlf.y3pi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1743pmu.jmqj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1743pmu.jmqj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cl91k8.b1bdk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cl91k8.b1bdk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-4xhs98.g33na.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-4xhs98.g33na.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-13ghy02.uyh6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-13ghy02.uyh6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2yhc2.hmax.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h2yhc2.hmax.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1skvqgk.gcmu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1skvqgk.gcmu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-k5jqkf.cl3n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-k5jqkf.cl3n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-7nzzi0.itgj2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-7nzzi0.itgj2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16sk3o3.fv6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16sk3o3.fv6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18ye3bc.8lru.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18ye3bc.8lru.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bjqv53.reza.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bjqv53.reza.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-147i4ok.e6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-147i4ok.e6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-y9bb7m.mec6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-y9bb7m.mec6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n8gqrv.hhlc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n8gqrv.hhlc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-l8y4at.l1gz8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-l8y4at.l1gz8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u9bpin.aj7b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1u9bpin.aj7b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d2z50m.h0dz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d2z50m.h0dz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jqu6gj.0rwv7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jqu6gj.0rwv7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-9sh4mi.1rddg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-9sh4mi.1rddg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-bopeal.zbono.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-bopeal.zbono.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-s3ime1.5jpb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-s3ime1.5jpb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mgma7w.tkcc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mgma7w.tkcc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cn2m9e.g47p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1cn2m9e.g47p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-jydrhx.6arqo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-jydrhx.6arqo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-mg62r5.lq7o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-mg62r5.lq7o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-19sxnj9.6k1bf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-19sxnj9.6k1bf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xwx0rh.1lp5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1xwx0rh.1lp5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d36evx.21vl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1d36evx.21vl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-b64zif.mwz3i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-b64zif.mwz3i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t6mi1x.jlev.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t6mi1x.jlev.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1txfl9b.ee8i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1txfl9b.ee8i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wsw78.54zk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1wsw78.54zk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1lmjmm.gsnsn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1lmjmm.gsnsn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-saddqm.nr11.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-saddqm.nr11.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yvzj9b.lakv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1yvzj9b.lakv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n214t9.p0knl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1n214t9.p0knl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-12d4kec.veso.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-12d4kec.veso.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-o8hus4.kuuud.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-o8hus4.kuuud.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-r90ltr.cbv6f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-r90ltr.cbv6f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e9zr41.po0jh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e9zr41.po0jh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-q8oto.9qr6b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-q8oto.9qr6b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rd7t7s.x63v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1rd7t7s.x63v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dq7ank.ftg8e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dq7ank.ftg8e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1saoqjq.9n93.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1saoqjq.9n93.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1g89iae.ziuf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1g89iae.ziuf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sdl4e4.ijntj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sdl4e4.ijntj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-zmx2ut.5sk6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-zmx2ut.5sk6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-14y8pgs.hmo9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-14y8pgs.hmo9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-v8ex1j.tnlr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-v8ex1j.tnlr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-rmlypu.5mltr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-rmlypu.5mltr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ibujs3.3ifxm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ibujs3.3ifxm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gaq3w7.97vqq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gaq3w7.97vqq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gohp57.v9qtj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1gohp57.v9qtj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vpt4vb.uxs2g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vpt4vb.uxs2g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-tbqr0h.rse9i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-tbqr0h.rse9i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qps6ww.fibm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qps6ww.fibm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k3rkas.3pim.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1k3rkas.3pim.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-16qj61x.gc0bi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-16qj61x.gc0bi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bihmuv.4ba6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1bihmuv.4ba6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e948w9.avu3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1e948w9.avu3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-sz7mjx.mje2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-sz7mjx.mje2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-w1l6xp.4nma.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-w1l6xp.4nma.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f2yb7r.6gxi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1f2yb7r.6gxi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1uve92t.snpw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1uve92t.snpw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-pxpb8p.rdo5l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-pxpb8p.rdo5l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1im0bma.broy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1im0bma.broy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gan3uv.50hf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gan3uv.50hf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-gl3c7g.d7u95.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-gl3c7g.d7u95.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t4rj6g.ijd7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1t4rj6g.ijd7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-17wy0tb.hlrs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-17wy0tb.hlrs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-4fj3ef.05gb6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-4fj3ef.05gb6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nqpw26.uuik.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1nqpw26.uuik.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-egbcuy.hugb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-egbcuy.hugb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w6q69a.xr16.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w6q69a.xr16.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vljwx1.2r67.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1vljwx1.2r67.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1hd6w7h.kgh0j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1hd6w7h.kgh0j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-78k66s.rrs5f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-78k66s.rrs5f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ak23hd.lgfeo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ak23hd.lgfeo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-kfjhpa.1yrl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-kfjhpa.1yrl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-t0bp5b.a1rb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-t0bp5b.a1rb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-rwzzik.ebmw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-rwzzik.ebmw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1018gm4.mb6g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1018gm4.mb6g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-pnbt6b.cf96k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-pnbt6b.cf96k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-11m7rg5.9lww.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-11m7rg5.9lww.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m9n28k.z1wp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1m9n28k.z1wp.jpg"
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1648,11268517857202682625,14060108786690470399,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qq3l2o.10fm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qq3l2o.10fm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ye7lw8.sw6gh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ye7lw8.sw6gh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1j6335r.eljc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1j6335r.eljc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h1pslh.3jj6f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1h1pslh.3jj6f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1s9i7ul.ssd0h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1s9i7ul.ssd0h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-7abjpi.vx9di.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-7abjpi.vx9di.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tn86xv.kha7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1tn86xv.kha7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-15l14nb.35ee.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-15l14nb.35ee.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18g8khf.ze03.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18g8khf.ze03.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-aix2ch.173b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-aix2ch.173b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-160t8h2.bi5cl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-160t8h2.bi5cl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-dej18m.n2nte.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-dej18m.n2nte.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1op54vw.zvqml.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1op54vw.zvqml.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-ushp1l.x0pv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-ushp1l.x0pv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mho4b2.x5m1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1mho4b2.x5m1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8r0954.hkrc4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8r0954.hkrc4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1o4acz0.u8ec.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1o4acz0.u8ec.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-e0504r.qfh7m.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-e0504r.qfh7m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-90d40m.cv6pv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-90d40m.cv6pv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1pp8m8p.qkj5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1pp8m8p.qkj5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-p9p00b.ew09.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-p9p00b.ew09.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-fys60q.jxknb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-fys60q.jxknb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w33ods.yei9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1w33ods.yei9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1458v5l.ov4z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1458v5l.ov4z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-18x3155.fiq5i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-18x3155.fiq5i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-8st5cu.rykaj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-8st5cu.rykaj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1r5lnss.m682.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1r5lnss.m682.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1y2olqa.b3c3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1y2olqa.b3c3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-10zvdx1.jpmn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-10zvdx1.jpmn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-r48ugh.t7bw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-r48ugh.t7bw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-luxfmd.9lac.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-luxfmd.9lac.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qcv4bk.ko5s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1qcv4bk.ko5s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-td1w28.ar1xs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-td1w28.ar1xs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-vy248l.lixgr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-vy248l.lixgr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-5rzyfx.9yagj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-5rzyfx.9yagj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-v9jk8f.qhw7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-v9jk8f.qhw7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ha51zd.yp59.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-1ha51zd.yp59.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-190tn3a.tu08.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-190tn3a.tu08.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2932-xzzfhu.lrr1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2932-xzzfhu.lrr1.jpg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 119.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 188.114.96.2:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\chrome_100_percent.pak
| MD5 | 0fd0a948532d8c353c7227ae69ed7800 |
| SHA1 | c6679bfb70a212b6bc570cbdf3685946f8f9464c |
| SHA256 | 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf |
| SHA512 | 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\chrome_200_percent.pak
| MD5 | 1014a2ee8ee705c5a1a56cda9a8e72ee |
| SHA1 | 5492561fb293955f30e95a5f3413a14bca512c30 |
| SHA256 | ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57 |
| SHA512 | ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\ffmpeg.dll
| MD5 | 7dc7b2fb25544a613deaa08b05805d75 |
| SHA1 | 2cb49bd3427534dbfe00c8929317346c2232a024 |
| SHA256 | 11c431e680b512e215ea11b64489c865c29aef4c116afae99941712015260d07 |
| SHA512 | 21c7bcf25a97012c23a58fbe896c5396e889cefd3370735d0d26d0e71eb7bde4b794ccfc56c75bbcf423e1380e3dc5943ac966ae96a57b98860bbbadc8b72996 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\LICENSES.chromium.html
| MD5 | 27206d29e7a2d80ee16f7f02ee89fb0f |
| SHA1 | 3cf857751158907166f87ed03f74b40621e883ef |
| SHA256 | 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab |
| SHA512 | 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\libGLESv2.dll
| MD5 | 368a951df457bbe926e384e452e2c42b |
| SHA1 | 3e8f89c4ccbc406824502f6cc0966e74ca8808a2 |
| SHA256 | 47514cc1d5e169ac196113e795040d5d4f32bc382a1b05b0c9e429c428c7c3df |
| SHA512 | 799bf188e4128ed0e7291183a0070b71601dcc65a393f40f3e25d7c72f637cc820bd06affa1d109e056ef9c2cf20ab218af13da194dd1d183983bf9878df79fd |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\libEGL.dll
| MD5 | 221921bf5e21a84382fe89d21b744356 |
| SHA1 | 1b72a53fd663e73c3950d8b1c6140db3cdb6f78a |
| SHA256 | 175cd7579b98522229ff530789f351c5e052bc28691e75da2b696bea926100a4 |
| SHA512 | 05d8b1b6c87a95be3c2f42268cc1dcb44db3595d86d45be31211486ee9355f05846d5d4964cd426de6772636348a0a1dd33716a2b2731ca02c451f3bf72fdbfd |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\icudtl.dat
| MD5 | 224ba45e00bbbb237b34f0facbb550bf |
| SHA1 | 1b0f81da88149d9c610a8edf55f8f12a87ca67de |
| SHA256 | 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc |
| SHA512 | c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\Node-js.exe
| MD5 | 06295a324f405a3c7082f1fbadc35f1e |
| SHA1 | 513108b3aeb2ad8491c6dd1ad74d4711bc85b2f8 |
| SHA256 | 80770adbb4d1c5d6736eb80e2aa0246965a76ea99517f0e1a77c16d0f0fc4957 |
| SHA512 | 41205e55908be61c0bd81fe904710b88dfb1e37d06b1c48d5b66b16f4c52ce2101991f158da3fa228e9b5511cc30563fdf6329c75a4c49554ce294c5ca0d48c7 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources.pak
| MD5 | f616d69f6e582582930d06c5c18f0f70 |
| SHA1 | fde8e2653f2a5317492105bcabeb3565faaf74de |
| SHA256 | bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855 |
| SHA512 | 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 89f5b9dc2c1eccfce7c3681b8066125f |
| SHA1 | 273175d93ae554da7f63a6475426a6515d0c8cd1 |
| SHA256 | 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91 |
| SHA512 | 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\snapshot_blob.bin
| MD5 | dbe18c25f68d40444ea576a68e78a12e |
| SHA1 | 44453e3fa8400cbe6bb674adaaad4ea09dab0e14 |
| SHA256 | c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c |
| SHA512 | 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vk_swiftshader.dll
| MD5 | 679bbc7de5f8fccc8f68d1fc5d5d3156 |
| SHA1 | 5dbe2043d1108f273c7f84d31183c01cb3e12624 |
| SHA256 | 5ab2d9f61fc256b398b80a6223aa187041525b0891c36a9fe64bdc6e37c0bc55 |
| SHA512 | 12b8d60d5debfc5c7281eb2a3b296d13c8a0254286f81321640dbc526ab00435a719691e755df5706b00a79d06f825b19968ba699ac72031a69dfabbdc95ff63 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vulkan-1.dll
| MD5 | 16cd9deb27a902f758d72f5fe3bfa94a |
| SHA1 | b5209cf5493b1c7f93ee4cafea5586ae7ca3aa93 |
| SHA256 | a2c6fc4251700f4e5129d5363df8c69a43dff6d46dad61d76b9e75209eeab11a |
| SHA512 | 82a31cb2a93bd1fe317ef7a7d15b61ad02dfd636629f1e156e6b0ae81218218a1184d83512f0b549b1baae32c7845b7265b5b69094bb12c90cd2bb61a1a34570 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\cs.pak
| MD5 | 6310a8e1c7e8ca3a1611d78b4d67845b |
| SHA1 | fa8cff4ec0b1cf3aca65e6745d9f31154dc48115 |
| SHA256 | 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e |
| SHA512 | 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ca.pak
| MD5 | 5c5c2e574c8d51a61d9e58547d89b0df |
| SHA1 | 268d6a348c22616432191ae55bb8c34e039feac7 |
| SHA256 | 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73 |
| SHA512 | e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fa.pak
| MD5 | 00bc7a02631c7de396537ee08deeec7c |
| SHA1 | 063c897b59cd70955cee3ca27d8743a0989f0a86 |
| SHA256 | 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec |
| SHA512 | cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\et.pak
| MD5 | 7c8be63adae41cfa46a1a614de18e842 |
| SHA1 | eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4 |
| SHA256 | 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be |
| SHA512 | 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\es.pak
| MD5 | 2c8b6b9b30b62618c65237943c030e6a |
| SHA1 | 887717930c8d070f0ba965c8a215478653d3845f |
| SHA256 | 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4 |
| SHA512 | b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\lt.pak
| MD5 | 6e6993270327064cad2ff0784f20585a |
| SHA1 | 924a2ce4fffee99f29cbee875cd5abab2e814888 |
| SHA256 | 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434 |
| SHA512 | f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ko.pak
| MD5 | 95239fdef6e852df2d2e9d52dd99b622 |
| SHA1 | 360be5e62ac4573ee1a6bfa7effbe245c039862d |
| SHA256 | f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae |
| SHA512 | 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\kn.pak
| MD5 | acab21f3fafc58f1f42016f33d032158 |
| SHA1 | 682f11e3c282724093179c85a7df7d0992495cd4 |
| SHA256 | 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f |
| SHA512 | d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ja.pak
| MD5 | f8dcd5f1433d83464b44265449de812c |
| SHA1 | 47763205f105e19cadafdeb1cdec6f45001f2c58 |
| SHA256 | f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b |
| SHA512 | 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\it.pak
| MD5 | 812115ccf85cb84b2ea167a16e16587b |
| SHA1 | 317e50a1c4c7d8c46554822b43a81a0d8237dfd6 |
| SHA256 | 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37 |
| SHA512 | 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\id.pak
| MD5 | d0517c1bf9a89e06ed2b510b9408e578 |
| SHA1 | 71494250010ed09b55f3879488d4566808a8398b |
| SHA256 | 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3 |
| SHA512 | 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hu.pak
| MD5 | 14d81146ec6e0ddf4b14fa7b2df372c3 |
| SHA1 | 9c77f0f0c959f2cb21e283b352176596a77992fd |
| SHA256 | 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568 |
| SHA512 | 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hr.pak
| MD5 | 7bee03725ba9ace3cb2aaf64cf0c26a2 |
| SHA1 | 076f0ce744bad1cf242325d5b2378b501e069d38 |
| SHA256 | e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941 |
| SHA512 | 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\hi.pak
| MD5 | 361f04e0a4176ac478b7b7674779388c |
| SHA1 | 68b4e7a9a31e0f9450c856d073b8d03613ae9816 |
| SHA256 | 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c |
| SHA512 | 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\he.pak
| MD5 | 70de839caf5f0caeccc5a2b7dd438583 |
| SHA1 | aa4b932b2313bca859568d62e8c12f9249d7bb81 |
| SHA256 | 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479 |
| SHA512 | 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\gu.pak
| MD5 | 2e015f0ad58e22b8eaf60e4d727aa3a0 |
| SHA1 | dba0b894f32ad6507ea6a41917c0631f06f2c03e |
| SHA256 | 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c |
| SHA512 | 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fr.pak
| MD5 | 9442fbfc2b150479f4836706313e42c2 |
| SHA1 | 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f |
| SHA256 | 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87 |
| SHA512 | 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fil.pak
| MD5 | 919d0bae6d964906176cec8530c019ba |
| SHA1 | ab41e78a91314608ffa0cec927b4e001b3833e4a |
| SHA256 | 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa |
| SHA512 | 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\fi.pak
| MD5 | 4215d02d92e1be2e182197a0bb87ef29 |
| SHA1 | 005cc2d1ed5039fc34fc14270344ebc938760554 |
| SHA256 | 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb |
| SHA512 | b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\es-419.pak
| MD5 | 7b45d7be08eed5dfee3d12f0b7e6111d |
| SHA1 | e14d2e0861d42bc31ea778237f77fd71c5dd32c8 |
| SHA256 | 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c |
| SHA512 | dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\en-US.pak
| MD5 | 214e2b52108bbde227209a00664d30a5 |
| SHA1 | e2ac97090a3935c8aa7aa466e87b67216284b150 |
| SHA256 | 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab |
| SHA512 | 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\en-GB.pak
| MD5 | dabd9d0434e128d6ae3feec3b2c2801e |
| SHA1 | d7a25ac86c15f5d4a3b3d4b713a5302c5b385498 |
| SHA256 | dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835 |
| SHA512 | 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\el.pak
| MD5 | 9d654962e91275c7538dabdb450a2f03 |
| SHA1 | 3121a84f1035d7b44e4597ebe4857137b7172da6 |
| SHA256 | 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27 |
| SHA512 | 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\de.pak
| MD5 | b48f5b846d1b32f8426255e8a03b4d20 |
| SHA1 | 77272097e67ba495d73e3d82e3100237a1664fcc |
| SHA256 | 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745 |
| SHA512 | 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\da.pak
| MD5 | 42628b87e74b0a3a7cbce510f2ef674f |
| SHA1 | c9fc502eac895690f4bd0bd3cd47b72819bfc342 |
| SHA256 | 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5 |
| SHA512 | ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\bn.pak
| MD5 | 5670d1c74a07e5e9bb3853307ea2cfd7 |
| SHA1 | 7cd7568d2bd4c64b8685bf17e3289afe923468b2 |
| SHA256 | 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a |
| SHA512 | 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\bg.pak
| MD5 | 7005e72419774fc1d78ba0718fca1b47 |
| SHA1 | bedcb1e0897a1a47a878bb820735d8e373a4b4f1 |
| SHA256 | 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d |
| SHA512 | 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ar.pak
| MD5 | 5209516dee9d9ce64854b70da199108c |
| SHA1 | 5797e37da5909e47e03d323abf884b573adf0840 |
| SHA256 | 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246 |
| SHA512 | 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\am.pak
| MD5 | 985be89267e0d559bffd4b66380e5e53 |
| SHA1 | fa33e9bbfff5a89dcc26f52634561e27c1cf0e05 |
| SHA256 | bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b |
| SHA512 | 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\lv.pak
| MD5 | e21a8a96d9f17e1f9e3ede2cb66eea9b |
| SHA1 | e3f456b5d238ce2095e7a51a4250fe26c361bfdc |
| SHA256 | 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090 |
| SHA512 | f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\mr.pak
| MD5 | abcc39abc488cdbf73e44f53d74b15af |
| SHA1 | 982f12328342eddbacfbe45be577d839568c96e0 |
| SHA256 | 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54 |
| SHA512 | 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ml.pak
| MD5 | 7dabd95b96d90662432026c0a9ae1c22 |
| SHA1 | 49eb49428d642bd906aed9b0b69870a843326efd |
| SHA256 | 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5 |
| SHA512 | 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ms.pak
| MD5 | 53e8b7262db4c5b04ba5b39c07eddb32 |
| SHA1 | 9cb8946966547630cee42de04eb8604e6bb5af86 |
| SHA256 | 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a |
| SHA512 | c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\nb.pak
| MD5 | bc1983b1c86badb361fe07031a93fa48 |
| SHA1 | 5bd14d7d7a335dd6457377fc0eaed07a56c369e6 |
| SHA256 | 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d |
| SHA512 | fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\nl.pak
| MD5 | f1210067dc72e8c82444b2ad9a3f7897 |
| SHA1 | 3cf8c6fcb93a5f79fe6190aa0551d673887125da |
| SHA256 | d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9 |
| SHA512 | 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pl.pak
| MD5 | 31200d5726b3d1cfbe9ac3bc7138a389 |
| SHA1 | e82f0300046e7cc9ffa13223c11cbb94d62c0dc6 |
| SHA256 | 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3 |
| SHA512 | 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pt-BR.pak
| MD5 | 7f150a17a11d43e395f571dd23951d88 |
| SHA1 | f8b8d6f89f63d92f04156f2b44b36b6045fd3723 |
| SHA256 | 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9 |
| SHA512 | de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\pt-PT.pak
| MD5 | 553594ab0e163c6375ebe75524095dec |
| SHA1 | 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5 |
| SHA256 | bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df |
| SHA512 | 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sk.pak
| MD5 | 9ce4e3abe9d948f6a89759d0ab188dba |
| SHA1 | 447e5c8803d0284c69ffb990ac0060adf93f4d25 |
| SHA256 | 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2 |
| SHA512 | 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ru.pak
| MD5 | 12836eeb93367830b3b88b404449a3e7 |
| SHA1 | 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c |
| SHA256 | f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf |
| SHA512 | 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ro.pak
| MD5 | 06a36fa95702b38e749568037634828e |
| SHA1 | 9c584a9b7a0446fbc44bf5fecab71ab1312a592f |
| SHA256 | 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b |
| SHA512 | 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sl.pak
| MD5 | 7a75fa0fd3ddd471cdf9b15d3b3860ca |
| SHA1 | f07e3e136768501e69e76529011003bd45fcc0a4 |
| SHA256 | d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959 |
| SHA512 | e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sr.pak
| MD5 | b2555a29076995ccf01580f0f1b2f766 |
| SHA1 | 284ed665f078620afdd6c7d074a6f9e26dbef1dd |
| SHA256 | 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0 |
| SHA512 | a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sw.pak
| MD5 | 0dad65bd01e92ec4001c8377a3f6900a |
| SHA1 | 91353a816b6b1d0aa5bf5342b8f2bd430da57286 |
| SHA256 | 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892 |
| SHA512 | 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\sv.pak
| MD5 | 03154d7a3c69ec91714c799b86267a1d |
| SHA1 | 8671e9672002c58581488416f2320005140adedf |
| SHA256 | 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b |
| SHA512 | 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\ta.pak
| MD5 | 7503d3994d48911a38370095f5c83ec8 |
| SHA1 | a98917d5de0cc237d226ad64792fc9840bec0a0a |
| SHA256 | 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33 |
| SHA512 | d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\te.pak
| MD5 | b5e9289d02b4963d292bbb4210e9ab5d |
| SHA1 | 48382ab36b77cbec280833f587450270b5080a85 |
| SHA256 | 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9 |
| SHA512 | eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\th.pak
| MD5 | 687a80e1cb637003c3e5f05d3f4b89b4 |
| SHA1 | 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6 |
| SHA256 | daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654 |
| SHA512 | 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\vi.pak
| MD5 | a01c81f3bd56d52c205ce6742dfe52c7 |
| SHA1 | 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25 |
| SHA256 | 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f |
| SHA512 | e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\uk.pak
| MD5 | 6f2f1b073ccef426c7eb49362123f2d0 |
| SHA1 | 048921ad0cba17256e9838257d9f47969cdf6172 |
| SHA256 | 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f |
| SHA512 | cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\tr.pak
| MD5 | a38eea92c514716b8ab019ab792bf541 |
| SHA1 | cae203c3ed63807d4f2d89333540556b5e92e161 |
| SHA256 | 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd |
| SHA512 | 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\zh-CN.pak
| MD5 | 376ef5a6f076a9757f58d7b10526eb73 |
| SHA1 | 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e |
| SHA256 | f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6 |
| SHA512 | e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\locales\zh-TW.pak
| MD5 | 3d230011248333ed6cee72f667c8df45 |
| SHA1 | 4114f307a31516bb6309fa9fc2572722b8d93d24 |
| SHA256 | b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1 |
| SHA512 | 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar
| MD5 | f6c6ad773f93816165c624116e9d3419 |
| SHA1 | c360da20299d5c3cc048b7779e7649ac4aa5326f |
| SHA256 | a6424c4b281f19eb973d47083ad641ef45b534daea729215c8dbf5f89faa8d89 |
| SHA512 | 01667b291a6bc1dd735efaf03ab0b0a6b0f00a698e15be905a0101620e8cdaf77d5afbf69b5c11baf5ba4d39b476ec5417ed35b815284f0fa8f198b890fb5b89 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
| MD5 | d226502c9bf2ae0a7f029bd7930be88e |
| SHA1 | 6be773fb30c7693b338f7c911b253e4f430c2f9b |
| SHA256 | 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f |
| SHA512 | 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | e7dd19ed46c7a21d0101d1a5cc0fe39b |
| SHA1 | 89a51cd7d4c7a6f3dca571b24bce726568292ea1 |
| SHA256 | d8d1b787de2e2dae70ebb21dadf734dd11ceac03f9a873c911f4b2e2477b745c |
| SHA512 | 921f276efa055eb4136572e889e7741bd3fd776065f70495d6ede7d1cdf0cc933c67f9eec82bd5a5d30f77ec8bfce83f46d00e65ba1488ff95ee38004567105c |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | f6fc51755690e7ae2380d7606c0303bf |
| SHA1 | aa98430be7f0591b054b52db556d032c5e8dae3b |
| SHA256 | 7747ba44a1caa758106d3a2a67438933cca7e7ede2d564c2fa7be2b11b206506 |
| SHA512 | 7974b4f1c64d512d0769e8d991b30a28697d561dd0e20927835059459a6f14d3ee5b04a7454e744481f10b1281a5b6b3091adb3212b59527528a35e05c57fa78 |
C:\Users\Admin\AppData\Local\Temp\nsf3BA2.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\78199c5c-5a15-4a3b-9c67-c74c5d6f2539.tmp.node
| MD5 | 8982448cb4f28b82876befe6e8af25d1 |
| SHA1 | 4d3b2fb5b42fc27c1ac9363003abc16ada188581 |
| SHA256 | 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38 |
| SHA512 | 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b |
memory/1472-568-0x00007FF9E3FD0000-0x00007FF9E3FD1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fab691c6-b8f9-471f-b9a9-8d4ee0da5607.tmp.node
| MD5 | 30af610789f7032760077d9c1197d0f3 |
| SHA1 | b57027046f9c7b3d4cda0aef5c8baa334b6fc339 |
| SHA256 | 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722 |
| SHA512 | 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC505355FEFCDB4D6AB2A43534D708270.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES753F.tmp
| MD5 | edba54bccba7cab28cabe04b5778c5af |
| SHA1 | 3227e37d93b8b4e49bee2d88db6c78129f1b6d51 |
| SHA256 | fbefed34f207224e7bd701b01479fcefb84a14802a45484c50fb31927df40ace |
| SHA512 | 4fed08396fbd37f04b991937bcc76cbb8a42f37b8755efdf17a39c6e709b684b742e45bde65173466da609d3ead30b1f6ff3fd41b076ca0cc1a5ca24bad5206a |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | 3f7beb165cfd632bbf67257850340b95 |
| SHA1 | 16bb38f80886327e4cb594a3457e55a270a407a5 |
| SHA256 | 47faed1e273b06078dbf48c95d97276f73147e9353f17f4e248cda81c8527dfc |
| SHA512 | 98d516bd25bc7c613770a4de73434e4b82eb3cbe27370f3da92d30cab4982075943eb2dcff43575ff0c23c3c4997f7b7407474345cee21b768382090c96b765c |
memory/3120-660-0x0000000000A90000-0x0000000000A9A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RES75CC.tmp
| MD5 | 83bc4086608a2242aa664ec383810902 |
| SHA1 | 972eebf0284c5ce8a02a45a14d80cfb1708a382b |
| SHA256 | 6a6ba0c5403172677646673382001db3eeb3dee258d5e54138ce76a8723d48db |
| SHA512 | 7e0ed5293c24786fb1c9ac8b96068a3143a71b15f36c1aaed056242479dfc7dc5006ba669fb70f67f7e76d219934a81b9487caeccae162ee6b11c726bf9cd10f |
memory/3120-666-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\202438-2932-11mgm3d.g9cz.jpg
| MD5 | 49b2e129e5dcb0f589c703e186fdc579 |
| SHA1 | 56dbe4783e34243b57813358cdd4018af190d911 |
| SHA256 | 997769368730f7ffc2f54e12cebf2efcbbb4d7c5c41df62a40634323aba2ab4a |
| SHA512 | 8a55b55b7f3b2170bb8ea3b76af60961e4e8ce94ebd946f64d4dd8fcc53750b18be86ba9b522a27801532a35dfa9bd8274ac2e5e7940f3c2091ae640db387914 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log
| MD5 | f3ac7a0e31b9af1b495241eff29915ad |
| SHA1 | 286fe23eba741cd3fca3f3e9a919021946655392 |
| SHA256 | f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a |
| SHA512 | b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210 |
memory/3700-675-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/888-680-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3700-679-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/888-685-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2616-693-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2620-696-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3860-701-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4572-710-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4572-707-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2228-716-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3668-724-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2684-729-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3120-732-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2452-737-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1472-741-0x000002B512010000-0x000002B5120BD000-memory.dmp
memory/4844-749-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3508-750-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2616-754-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1344-759-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/996-760-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2620-761-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4572-762-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3860-763-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4572-768-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4300-775-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4368-774-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2228-781-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4740-782-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3668-783-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2684-780-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4740-787-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4676-790-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3536-795-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4676-797-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2452-798-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1228-799-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1228-803-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4844-805-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3728-809-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4692-812-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1344-816-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2336-817-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3668-822-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3668-821-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/768-824-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/768-827-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4368-829-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2340-833-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3228-835-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2452-839-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/2452-842-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3536-846-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4316-847-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4552-849-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4552-852-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3728-854-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1356-858-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1796-862-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4692-859-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/4156-867-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3668-868-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1544-869-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/1544-872-0x00007FF9C3CE0000-0x00007FF9C47A1000-memory.dmp
memory/3020-1796-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1798-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1797-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1803-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1802-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1805-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1804-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1807-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1806-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
memory/3020-1808-0x0000023360DF0000-0x0000023360DF1000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win7-20240319-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2232,i,11267738607351977302,107266978269557304,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| DE | 216.58.206.42:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 42.206.58.216.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240215-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| NL | 52.111.243.29:443 | tcp | |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
161s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 72.246.173.187:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.173.246.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240221-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 224
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240319-en
Max time kernel
29s
Max time network
160s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1128,12790241130063352255,4611309582561463643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\2eloBCt58RQ6KVXbxhLYn8bOGJe\Node-js.exe" --type=gpu-process --field-trial-handle=1128,12790241130063352255,4611309582561463643,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1nsgefp.11jr.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-fuyfpt.9dbp.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hqyxy8.rrb4.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kqjasl.9xcqd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-19gifde.qba2.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1imhzz0.f3l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-f1m00z.e1cdw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1j4nbl5.oqu6.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-145dy2p.gq26g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ngmtj5.lw6t.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ghery0.pbv1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1tqv1g0.8d2q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wbin9s.to06.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-i61cc8.esks.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kxpmut.wem9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1aisms8.rs5rk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ivoyu7.n3p4.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7123041801751793660-807559248469464351060127821509691080-1271640710840630956"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q9r5dx.3i4n.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iggk3o.ruts.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-e0zodq.b4a94.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-t8j58g.60t1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ml2nfa.flw8j.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pn61mx.nav9e.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1c6j7lu.cbhfg.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-184wdlq.py69.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-8h62qh.gjfc.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1w13rhm.eh83i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ueimz.22dib.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES417.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC6537DB1643F47B59A6B21FCBCE03D50.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES416.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC54D72BF2E614AC293559C353DF66B56.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES419.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC4959CC1197194516A614D36F525432D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-7q8fdd.moj3y.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dhlp3z.9zwp.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-owyhxr.w2qb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xh8f3y.srfy.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-uhljml.ko9yc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hlj832.d0wa.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1nueos7.svoz.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES426.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC922C3FE169CD415CB7FEA05FE43990EA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES483.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC91D7BD9987441968435D341E33D5D2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES418.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC807148D6ED654492AA9E2435AE9F4F7.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES436.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5DBCD18A5D44DC3AB159283F0EBF02B.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hqyxy8.rrb4.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-145dy2p.gq26g.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xh8f3y.srfy.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-uhljml.ko9yc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hlj832.d0wa.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES485.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEE6756CA40A84DB792FAA492E7773E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES484.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCD610A43B259C452BA0A4B8905E25B378.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES438.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC87F749F919204024A740D1486D48AE62.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1nueos7.svoz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf7gfo.r7xz.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES435.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5AF1006382294CBCA3835CE7291C5BF7.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES41A.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF346E41537E04C9680A3CE4D941A8A54.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES712.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF7359BD787C94F5493E323230341596.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES534.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF4916966466542CD8747FB696E9018E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB76.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF895896643D842D0A95C3B548C962D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES52F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC799E2862DC8C4EAD889044FABD7E15C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES533.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC2E1796C0DC294282B69187332E27D43.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F3.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC7F929C0DB6634AFB9971A7328E85F564.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES532.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5EEAA7A9E0B540FC8349E0259AC89453.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES530.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC3B03164C46C94D63BE6E34D1319FCA1.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES536.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC19D070C6B74745B4A9A16A3BA41E4C52.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES535.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC23C3E144DD5643C9B6D9254BF2B4F49.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES531.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC2B2EFEB267804F8892E131168746376C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97FA8B6D314ED19759BF43D4B5DEE6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEFE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCB7C6B3E319D44D1C9C2E36C5F8F887C4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES439.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC3A40259858F40328FA991AAD66A361.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7DD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1BA0A6CBC1A448E9A569A41BD061F6E5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES437.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC10AECCE285BF4F8E99C1312C2DF6B99.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES657.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC66FD3D6521D445EBBF517FBD9BD7EC6F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA4D.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEF2D9CD93DB247CC939B995C4D60CEB8.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1249.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC64FC0E2CA18F4F12A445C6AFADEEC79C.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf7gfo.r7xz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1v27p9.zcmp1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-hjw3ou.4mp4h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1v27p9.zcmp1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-hjw3ou.4mp4h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jav8qm.gty9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jav8qm.gty9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-8bggcs.xp36.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-8bggcs.xp36.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-19b0buc.zbji.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-19b0buc.zbji.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-4xctwf.wdac5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-4xctwf.wdac5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wjbzd.o0332.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wjbzd.o0332.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1myrp1k.78nc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1myrp1k.78nc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-dnlzuv.vgl0c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-dnlzuv.vgl0c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5tfrhf.jdqdi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5tfrhf.jdqdi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ox3n5l.4cba.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ox3n5l.4cba.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dn1y4g.miete.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pjlnxr.fmpyk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-192g1p6.63ei.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q3xtfo.agjqf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ztiu4a.cdne.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1odsmq7.qk6e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pjlnxr.fmpyk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dn1y4g.miete.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ztiu4a.cdne.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q3xtfo.agjqf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1apztnm.sj6s.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-n5pjye.37ck.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1odsmq7.qk6e.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-192g1p6.63ei.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1apztnm.sj6s.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-n5pjye.37ck.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-azz05.3pzm98.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-azz05.3pzm98.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwym0y.xr3k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y5niov.odj5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-g23ui8.d8hfp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwym0y.xr3k.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y5niov.odj5.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-g23ui8.d8hfp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-96gfrd.cm61h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-96gfrd.cm61h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6mjjmn.5sgbw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6mjjmn.5sgbw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-2m7fy8.7jo0b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-2m7fy8.7jo0b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-14o8g0p.73wh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y8jsge.ppl2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-14o8g0p.73wh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-dvtlfg.h1rq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y8jsge.ppl2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qjcsil.kq8c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-dvtlfg.h1rq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l0kpx9.6hhb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a3m3o5.fw6x.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a3m3o5.fw6x.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l0kpx9.6hhb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lm7lmy.z226.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qjcsil.kq8c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-13m8ssv.kipd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-9m1m88.kvf1k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lm7lmy.z226.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-13m8ssv.kipd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-9m1m88.kvf1k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-3czz9d.vny73.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-no5gjc.xbce.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y6ede4.hj5t.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rmwuxm.yi4g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-p8unr.e4z8sf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-3czz9d.vny73.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1y6ede4.hj5t.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-no5gjc.xbce.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kqru57.7wgb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pvk2ej.1zq1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q2o9sh.fvy9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-p8unr.e4z8sf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rmwuxm.yi4g.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-kqru57.7wgb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pvk2ej.1zq1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1q2o9sh.fvy9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1pjqe2n.ba4a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-946gcm.dmg1p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1pjqe2n.ba4a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-epqm4x.09ep.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-n6mvt9.q0se.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jiebfi.6fqb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1g64ths.6ydd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1mg97bi.hxn8k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ckk7t4.rixu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-u42ko7.r56m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lqblt0.ot8eh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-946gcm.dmg1p.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-epqm4x.09ep.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jiebfi.6fqb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-smqke0.arco.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-18wpjce.ys59.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kjmxi3.9g0ff.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-n6mvt9.q0se.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1g64ths.6ydd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1mg97bi.hxn8k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iuwaxs.azu4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-u42ko7.r56m.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ckk7t4.rixu.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1lqblt0.ot8eh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-qne95p.vss3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-18wpjce.ys59.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-aisnyv.ww4fo.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jc45nl.lzkg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kjmxi3.9g0ff.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iuwaxs.azu4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rqd98v.e021.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-smqke0.arco.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-qne95p.vss3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-aisnyv.ww4fo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1clk6xo.yk3r.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-2x2phd.4yhnb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rqd98v.e021.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jc45nl.lzkg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1clk6xo.yk3r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vh5h2m.5gyhi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-2x2phd.4yhnb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jucjul.fqfmd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qnd223.y4qc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vh5h2m.5gyhi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-tq75wb.uw52g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-n7yf1v.qlwzf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qnd223.y4qc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-tq75wb.uw52g.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jucjul.fqfmd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gntsln.qsmf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-n7yf1v.qlwzf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ymatk2.zsv1k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-a6zb2o.wboje.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gntsln.qsmf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ymatk2.zsv1k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-19e1tro.devk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-a6zb2o.wboje.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-atbk1w.n3mh8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-19e1tro.devk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ktuvmc.hk07.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-atbk1w.n3mh8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-i88jmg.7c6n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ktuvmc.hk07.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-i88jmg.7c6n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1li6ykl.9wcih.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-yg0hra.o7r9h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1li6ykl.9wcih.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5in51e.1sg67.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-yg0hra.o7r9h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ajriqc.ikpth.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ajriqc.ikpth.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5in51e.1sg67.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a2s8q0.xefa.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1a2s8q0.xefa.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-3v78d8.yv4in.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-3v78d8.yv4in.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xpaor.1jbcv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xpaor.1jbcv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jfcty2.ojc8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1jfcty2.ojc8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-138av89.plt3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-138av89.plt3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-vnvgj6.h171.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-vnvgj6.h171.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u7twdg.p13nk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u7twdg.p13nk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-cif0pw.ckzjr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-cif0pw.ckzjr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ig7tow.48j4k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-yyydyn.93ijj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ig7tow.48j4k.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-yyydyn.93ijj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-qnv1dh.dhl5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-qnv1dh.dhl5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-i6k1xc.6743.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kvfro6.agyi8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-kvfro6.agyi8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-i6k1xc.6743.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k4p0n6.vtt7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k4p0n6.vtt7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-c9e257.jv3iw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-xmyzb3.k8sm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-c9e257.jv3iw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qreve7.g9qa.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-xmyzb3.k8sm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kfhrj5.tjt4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1qreve7.g9qa.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1kfhrj5.tjt4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-r8orc.te6is.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6tvq8z.jzkq8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-r8orc.te6is.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-16yn85e.vvx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6tvq8z.jzkq8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-16yn85e.vvx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jipocp.5c81.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jipocp.5c81.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vdc9jx.igy4.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-uxf8w.4gueb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vdc9jx.igy4.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-uxf8w.4gueb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1akv25p.f8jp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1akv25p.f8jp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rma8p0.dz1r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1rma8p0.dz1r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jx1wjv.r2f9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1toqkyl.hdqr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jx1wjv.r2f9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-o0hofw.zsfx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1toqkyl.hdqr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-9f5kc8.ilvv7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-o0hofw.zsfx.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-9f5kc8.ilvv7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1yjccgj.k3ee.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-wyxdn7.8ukg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gm0x9n.xe47.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1yjccgj.k3ee.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-wyxdn7.8ukg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1gm0x9n.xe47.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5zctku.idn9k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5zctku.idn9k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vuwvqy.14h4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vuwvqy.14h4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vfucyt.4re9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12fvqjf.5sg7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-omcocj.g7r4i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vfucyt.4re9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12fvqjf.5sg7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-x0lsui.kpkq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-omcocj.g7r4i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-x0lsui.kpkq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-r5t96.yhfp1j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-r5t96.yhfp1j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hf3nmy.i4fyi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1hf3nmy.i4fyi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1r8yiis.ls85j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1r8yiis.ls85j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-84p56l.fwq6s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-84p56l.fwq6s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6knr10.go3qs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6knr10.go3qs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1d1dm25.hl2s.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wje4rl.2kep.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1d1dm25.hl2s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u039lh.oxbs.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12vfpri.zfw3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1u039lh.oxbs.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1wje4rl.2kep.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12vfpri.zfw3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-161pq7h.vmmzl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1thd69c.4m2b.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-195c7ub.hfiv.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sxbqdr.kacy.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-qbqtw.tuo63.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5a6sj5.ome4h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1f1hbv1.pymg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-13jbq6u.09a7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-195c7ub.hfiv.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-161pq7h.vmmzl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5a6sj5.ome4h.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-qbqtw.tuo63.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1thd69c.4m2b.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sxbqdr.kacy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12hjtk7.h3tul.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-13jbq6u.09a7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1f1hbv1.pymg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-j8q4qs.4yj2k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12hjtk7.h3tul.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sjc1n3.xha5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-j8q4qs.4yj2k.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1sjc1n3.xha5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vo0uyl.9hnz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vo0uyl.9hnz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-14ng5jo.yip8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-14ng5jo.yip8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1bdaz6g.pml5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xgf2px.tnfz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1bdaz6g.pml5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-kx9bnc.0u5ja.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xgf2px.tnfz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-omnu1g.zxfbg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-kx9bnc.0u5ja.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5s3wnj.xwdv3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-omnu1g.zxfbg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5s3wnj.xwdv3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-og8015.44sea.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1766202373200984314-1281255737-783682891199741456720273591819738198471566194504"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6xwzho.mdaiq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-og8015.44sea.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-15izs8a.dt4zh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6xwzho.mdaiq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-15izs8a.dt4zh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-wvyoz9.bsh8h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-wvyoz9.bsh8h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pc3dyp.rwja.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pc3dyp.rwja.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-pzxvxd.yq55s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-pzxvxd.yq55s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-bs895m.17uhp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-bs895m.17uhp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-15wkibm.lrre.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-15wkibm.lrre.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1doc07x.xi9h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1doc07x.xi9h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwh626.1klmq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-mwh626.1klmq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-ss8op9.hmu3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-ss8op9.hmu3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-iqbwfi.f256.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-iqbwfi.f256.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf0djr.ragk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1uf0djr.ragk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1fgrl7w.95z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1fgrl7w.95z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xtaa8s.hkby.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1xtaa8s.hkby.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1n5sg1c.oy2y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1n5sg1c.oy2y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ctcirn.ktby.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ctcirn.ktby.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1247qi0.fdyw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1247qi0.fdyw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-txq657.tx0eb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-txq657.tx0eb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vtr0ha.xoe2l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1vtr0ha.xoe2l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l4v7ol.z1qs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1l4v7ol.z1qs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-dblbtg.7oshe.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-dblbtg.7oshe.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-27uuph.6ggv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-27uuph.6ggv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-12ebkak.8mrk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-12ebkak.8mrk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1cilljb.jy8w.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1cilljb.jy8w.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-jju0g6.m2pqg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-jju0g6.m2pqg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-63qrqz.n9c6d.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-63qrqz.n9c6d.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-gc6pxv.u3p4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-gc6pxv.u3p4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dkyuyk.dd2u.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1dkyuyk.dd2u.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-165ji9s.h4qx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-165ji9s.h4qx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-6sg77f.axagh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-6sg77f.axagh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1grm3xg.g3t7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1grm3xg.g3t7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-cpo4d4.16h8i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-cpo4d4.16h8i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-q4suxo.ngalc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-q4suxo.ngalc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1edxz7x.t3w7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1edxz7x.t3w7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-14cxdkm.in51.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-14cxdkm.in51.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ou0lc0.n3jq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1ou0lc0.n3jq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-5fdqk4.j5h3u.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-5fdqk4.j5h3u.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iynf32.apf9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1iynf32.apf9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-gqnnbo.llgwg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-gqnnbo.llgwg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-e3go7m.3ya4s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-e3go7m.3ya4s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-f9tm54.sncgd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-f9tm54.sncgd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-11592zl.ymec.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-11592zl.ymec.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k8tnn5.q936.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-1k8tnn5.q936.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-116e2s6.c3vfj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2400-116e2s6.c3vfj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2400-sjkytw.5s2bc.jpg" "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\chrome_100_percent.pak
| MD5 | 0fd0a948532d8c353c7227ae69ed7800 |
| SHA1 | c6679bfb70a212b6bc570cbdf3685946f8f9464c |
| SHA256 | 69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf |
| SHA512 | 0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\chrome_200_percent.pak
| MD5 | 1014a2ee8ee705c5a1a56cda9a8e72ee |
| SHA1 | 5492561fb293955f30e95a5f3413a14bca512c30 |
| SHA256 | ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57 |
| SHA512 | ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\ffmpeg.dll
| MD5 | 7dc7b2fb25544a613deaa08b05805d75 |
| SHA1 | 2cb49bd3427534dbfe00c8929317346c2232a024 |
| SHA256 | 11c431e680b512e215ea11b64489c865c29aef4c116afae99941712015260d07 |
| SHA512 | 21c7bcf25a97012c23a58fbe896c5396e889cefd3370735d0d26d0e71eb7bde4b794ccfc56c75bbcf423e1380e3dc5943ac966ae96a57b98860bbbadc8b72996 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\icudtl.dat
| MD5 | 224ba45e00bbbb237b34f0facbb550bf |
| SHA1 | 1b0f81da88149d9c610a8edf55f8f12a87ca67de |
| SHA256 | 8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc |
| SHA512 | c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\libEGL.dll
| MD5 | 221921bf5e21a84382fe89d21b744356 |
| SHA1 | 1b72a53fd663e73c3950d8b1c6140db3cdb6f78a |
| SHA256 | 175cd7579b98522229ff530789f351c5e052bc28691e75da2b696bea926100a4 |
| SHA512 | 05d8b1b6c87a95be3c2f42268cc1dcb44db3595d86d45be31211486ee9355f05846d5d4964cd426de6772636348a0a1dd33716a2b2731ca02c451f3bf72fdbfd |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\libGLESv2.dll
| MD5 | 368a951df457bbe926e384e452e2c42b |
| SHA1 | 3e8f89c4ccbc406824502f6cc0966e74ca8808a2 |
| SHA256 | 47514cc1d5e169ac196113e795040d5d4f32bc382a1b05b0c9e429c428c7c3df |
| SHA512 | 799bf188e4128ed0e7291183a0070b71601dcc65a393f40f3e25d7c72f637cc820bd06affa1d109e056ef9c2cf20ab218af13da194dd1d183983bf9878df79fd |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\LICENSES.chromium.html
| MD5 | 27206d29e7a2d80ee16f7f02ee89fb0f |
| SHA1 | 3cf857751158907166f87ed03f74b40621e883ef |
| SHA256 | 2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab |
| SHA512 | 390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\Node-js.exe
| MD5 | 06295a324f405a3c7082f1fbadc35f1e |
| SHA1 | 513108b3aeb2ad8491c6dd1ad74d4711bc85b2f8 |
| SHA256 | 80770adbb4d1c5d6736eb80e2aa0246965a76ea99517f0e1a77c16d0f0fc4957 |
| SHA512 | 41205e55908be61c0bd81fe904710b88dfb1e37d06b1c48d5b66b16f4c52ce2101991f158da3fa228e9b5511cc30563fdf6329c75a4c49554ce294c5ca0d48c7 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\snapshot_blob.bin
| MD5 | dbe18c25f68d40444ea576a68e78a12e |
| SHA1 | 44453e3fa8400cbe6bb674adaaad4ea09dab0e14 |
| SHA256 | c7c0d878697264269ca58861187e18d083aaf3f7f50bf4f6179fc080507bfa8c |
| SHA512 | 7ad4fd83f8337f263e128f8ee498d58b9dc89b876156157fda7636e4efa84691d6a9ff35c40d5482c9da98f8cc7b2eb87428a2a2690359ad6dacdf506d2e1f6f |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources.pak
| MD5 | f616d69f6e582582930d06c5c18f0f70 |
| SHA1 | fde8e2653f2a5317492105bcabeb3565faaf74de |
| SHA256 | bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855 |
| SHA512 | 492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 89f5b9dc2c1eccfce7c3681b8066125f |
| SHA1 | 273175d93ae554da7f63a6475426a6515d0c8cd1 |
| SHA256 | 7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91 |
| SHA512 | 469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\vk_swiftshader.dll
| MD5 | 679bbc7de5f8fccc8f68d1fc5d5d3156 |
| SHA1 | 5dbe2043d1108f273c7f84d31183c01cb3e12624 |
| SHA256 | 5ab2d9f61fc256b398b80a6223aa187041525b0891c36a9fe64bdc6e37c0bc55 |
| SHA512 | 12b8d60d5debfc5c7281eb2a3b296d13c8a0254286f81321640dbc526ab00435a719691e755df5706b00a79d06f825b19968ba699ac72031a69dfabbdc95ff63 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\vulkan-1.dll
| MD5 | 16cd9deb27a902f758d72f5fe3bfa94a |
| SHA1 | b5209cf5493b1c7f93ee4cafea5586ae7ca3aa93 |
| SHA256 | a2c6fc4251700f4e5129d5363df8c69a43dff6d46dad61d76b9e75209eeab11a |
| SHA512 | 82a31cb2a93bd1fe317ef7a7d15b61ad02dfd636629f1e156e6b0ae81218218a1184d83512f0b549b1baae32c7845b7265b5b69094bb12c90cd2bb61a1a34570 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\am.pak
| MD5 | 985be89267e0d559bffd4b66380e5e53 |
| SHA1 | fa33e9bbfff5a89dcc26f52634561e27c1cf0e05 |
| SHA256 | bd1a60f7fd63da2230509211f858866ed782767f580b8ce4740ad2060d3c5d9b |
| SHA512 | 7cb99ea1d92f810dd6f882669b2803b5cc87a9f34e70964d402f14cb7771a9d02f4c7493518b5c388f49887c8311e3b02fce7ff3770a724fa9a0a2e776f2c3c6 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ar.pak
| MD5 | 5209516dee9d9ce64854b70da199108c |
| SHA1 | 5797e37da5909e47e03d323abf884b573adf0840 |
| SHA256 | 8407ba456e51177358e6ce1e82c33e5e279eaeb553ee38db9f0994ec57c2e246 |
| SHA512 | 0585c14bda7800acd3242794eef7c9466f57217a059feefb0bf715e2cae9d228a5172fa9046ea19d19cdc388dcde2348a0a90caa26a1baeee612006495b56524 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\bg.pak
| MD5 | 7005e72419774fc1d78ba0718fca1b47 |
| SHA1 | bedcb1e0897a1a47a878bb820735d8e373a4b4f1 |
| SHA256 | 2b93afb50cd154464b7b40c8d0015db09b69f3341f0bd75d190c033c4ec4c72d |
| SHA512 | 7a098ef7e4297d832acf356367faedb78bcf33b68e2d0255eed0c1852cec744d24fe594812f2c3a393b4fa75e83a080803d38176bf7534604362a7287242e9f0 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ca.pak
| MD5 | 5c5c2e574c8d51a61d9e58547d89b0df |
| SHA1 | 268d6a348c22616432191ae55bb8c34e039feac7 |
| SHA256 | 4d96243f37cb8fff76fa55cb71667f010cb002ed8ee6741a216c89e6aca3fd73 |
| SHA512 | e1d8af4f6d1b66064b71d7f66391a896ed62ba379d5a7c1a2f667716a46e255588a098af529358ae6904831aed2c085c8ce6536736111ebf9427869ca5cc8627 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\bn.pak
| MD5 | 5670d1c74a07e5e9bb3853307ea2cfd7 |
| SHA1 | 7cd7568d2bd4c64b8685bf17e3289afe923468b2 |
| SHA256 | 706681208f6e0c2508c55ac7fb8bf510a133cd66f6977c3da3439526269a1c0a |
| SHA512 | 27c5f596548a52d0d62a749324a744121f2448b29f8eeb908afe487b7084c95e6e39b80326480e9253b997ca22f557f33e450fe155ccdbb2b601d0991389b47c |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\da.pak
| MD5 | 42628b87e74b0a3a7cbce510f2ef674f |
| SHA1 | c9fc502eac895690f4bd0bd3cd47b72819bfc342 |
| SHA256 | 450184b07e707cc80f7f7b331cd7d95aeb10c22e6936fb50d438de24c9dc3ba5 |
| SHA512 | ad60a366e4ea7050aef7cb6cd7c0d99fb9f37f7ff88f93a13fbdb21eb1c53cbc33cb28c284a14d7a44da0ceeef1fe9e693be0716ec268c6da0a674db00194a25 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\cs.pak
| MD5 | 6310a8e1c7e8ca3a1611d78b4d67845b |
| SHA1 | fa8cff4ec0b1cf3aca65e6745d9f31154dc48115 |
| SHA256 | 10c892b0722d117b4c3c55776f8fe4b2ef1631dde91d23a9f7ef44f7acf0c60e |
| SHA512 | 900d9eeef7305134d677f90c3c9d50f631c8cae0cc0fc56a3f03984a28c7b7af429276150efbecb769d5aebb04ea5fe3b0645922710891901cccb2e32b01b813 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\de.pak
| MD5 | b48f5b846d1b32f8426255e8a03b4d20 |
| SHA1 | 77272097e67ba495d73e3d82e3100237a1664fcc |
| SHA256 | 28e394fd4dfcb0ee3ad947a8e276af7ec1501f30e820ba42270d2d7f03ebf745 |
| SHA512 | 07e9af3153e60e05678db92e4654169e9c743bffb5aeda0725bd3b11dfba9021551697149771bb3aadac4fafaca50c88a352f55d32bd6c5fc8867c44f660196f |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\el.pak
| MD5 | 9d654962e91275c7538dabdb450a2f03 |
| SHA1 | 3121a84f1035d7b44e4597ebe4857137b7172da6 |
| SHA256 | 9ea03f3937d9312af696d6c0a3071fa8c0ddb1b6259272cc0d9be2e09ddc3d27 |
| SHA512 | 0a2e2bc0fbb587f210ebd74013c4c99a57a9df088ba4c6d6bf670b085a45b825cc6800fa2f554d2c640669803350dddb53122369a6f54f80ec92b928f84ec35a |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\en-GB.pak
| MD5 | dabd9d0434e128d6ae3feec3b2c2801e |
| SHA1 | d7a25ac86c15f5d4a3b3d4b713a5302c5b385498 |
| SHA256 | dc908ecd302ce83d9dc091b15011497eb7de87999c4e5b895b6e85e24cb7c835 |
| SHA512 | 831f74fc1a3af5db1f23a1107133a090709693e829de90f2c8727258cefa1eadf1f42087134494e1a026db044e9e63cabda4ebefb425cc2010aaf196da0a3959 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\en-US.pak
| MD5 | 214e2b52108bbde227209a00664d30a5 |
| SHA1 | e2ac97090a3935c8aa7aa466e87b67216284b150 |
| SHA256 | 1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab |
| SHA512 | 9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\es-419.pak
| MD5 | 7b45d7be08eed5dfee3d12f0b7e6111d |
| SHA1 | e14d2e0861d42bc31ea778237f77fd71c5dd32c8 |
| SHA256 | 263fc4b258041034d040bb3d27758239153d5a5faf85ab4217da608e7c2a4f2c |
| SHA512 | dfa361344cfab28e91dbf772123e043cca16b6d86cafffcaf8d71686ac9cc3dea832525b934c60fd1f110e9bf224a9b5f496924a443f742a7487d008f1ad7869 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\es.pak
| MD5 | 2c8b6b9b30b62618c65237943c030e6a |
| SHA1 | 887717930c8d070f0ba965c8a215478653d3845f |
| SHA256 | 4e1a07ac84554563488094169d2f68e29cf3b78c28c57e9e7eec233a742440d4 |
| SHA512 | b0792d483adb7e51a2b219e44f08bb49e419cc7a17943b1f2e57316c907f16cb80151cae1d5f117eced002a56752908d90392a479accfd6d8c6f13a2b79a1b23 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\et.pak
| MD5 | 7c8be63adae41cfa46a1a614de18e842 |
| SHA1 | eb11a953ddfe42dcbb5a4aeea0a40b6b18f596b4 |
| SHA256 | 0e3af6b70bfb8f28542caf5d6ac7086b248e31ca5d31621d417154964cfae3be |
| SHA512 | 4f5c6b976d9ac82002259e75c5afbe211be096f238882b912a97a9fa4ecf7103cc164e7475ebeb4b33794999668744aaa5465c059acccf5c467391fdbc386761 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fa.pak
| MD5 | 00bc7a02631c7de396537ee08deeec7c |
| SHA1 | 063c897b59cd70955cee3ca27d8743a0989f0a86 |
| SHA256 | 93eb27e9a20061666f36d93d2271547fce61191894dada922dde3bd71819cdec |
| SHA512 | cebcb30a0aefc0acd5f672e7b18cddbc446997f17911ee2a1468141ed4fea7c7d5e7db7b613275a4fde8261204a72fe485f5a8289238c8ed842182f8839e34f2 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fi.pak
| MD5 | 4215d02d92e1be2e182197a0bb87ef29 |
| SHA1 | 005cc2d1ed5039fc34fc14270344ebc938760554 |
| SHA256 | 22b97c139d11b485b2c9ebd8d86708d38bb9f7044d7171c846f516ca9bbb27fb |
| SHA512 | b0b71716b8d7867392825980e65d3a60c84f302dcf0b6ed7cf1ea0d8b605d1a82accee03c3e639851feb1273cbd327c14d82e497d6b70977272992bb227d21c5 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fil.pak
| MD5 | 919d0bae6d964906176cec8530c019ba |
| SHA1 | ab41e78a91314608ffa0cec927b4e001b3833e4a |
| SHA256 | 851650876e64fbe8404a15d79984b8983a8f1b04b0f918ec3d700aec09c0c4aa |
| SHA512 | 1e816ea6117511e49648ef5a110420b4f264c1dd85baa7381173529a17a97440cb6a646a89697bdbcee4cda0ad6849f9b3391eeae0083412a8bbd42a76409a01 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\fr.pak
| MD5 | 9442fbfc2b150479f4836706313e42c2 |
| SHA1 | 4600ffc3e1bb3bcb1b3a2b40aa23e97fdcd1bf4f |
| SHA256 | 01d05239fecb14ff5e20e2a25f16238bbca41665770f4e5214c22b47da3a5c87 |
| SHA512 | 4965fb48ff272615f4374183e631d54596aaadc651d729a38f3d03304cc41c927bde8562f2c6d2068f96c09a772a6f5f3a00d0eac7dce433c555252b2b50b559 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\gu.pak
| MD5 | 2e015f0ad58e22b8eaf60e4d727aa3a0 |
| SHA1 | dba0b894f32ad6507ea6a41917c0631f06f2c03e |
| SHA256 | 168c12e17d1a41d8c4913e0be19097bad272c38ffb7876514d6e98f448109b5c |
| SHA512 | 3aa797fecaa53f8dd71b6952d0d04af06e0003683fb5b77234d183d0aeed9350470aebeceeaf42cdd4b50a2e7caf09a96df6802b1d6b829ab4bba41dbaec6503 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\he.pak
| MD5 | 70de839caf5f0caeccc5a2b7dd438583 |
| SHA1 | aa4b932b2313bca859568d62e8c12f9249d7bb81 |
| SHA256 | 66ce4cfeb8328cf1b44ae76ee77c16e59c6a6550b64937931d5a05f161fd8479 |
| SHA512 | 73620dd618971c3301535a1dbc2fd58cc81cd3b2dc3d90a388dfa01fa5516304dcdbc5b362ef7e899310afe28f3d5e3b0695263c82339443ab2d29df03253348 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\hr.pak
| MD5 | 7bee03725ba9ace3cb2aaf64cf0c26a2 |
| SHA1 | 076f0ce744bad1cf242325d5b2378b501e069d38 |
| SHA256 | e16a6391049e4d851a50ebfe3b7af3cc5346dfd28e305f22eafb6d5e6b360941 |
| SHA512 | 1a27e5159225604513bbbb5f4165ce7cb52cca22d0c6f32b6c2a74c4809d00bdc3a38112ea9bba0c09038960f9113146996f8801e764237164816a654e813510 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\hi.pak
| MD5 | 361f04e0a4176ac478b7b7674779388c |
| SHA1 | 68b4e7a9a31e0f9450c856d073b8d03613ae9816 |
| SHA256 | 95f89c3429c3692f7239551565c584faac04d8ae71fbe5b359892e7538fbd35c |
| SHA512 | 7dcdbd9e3f9ad940c3140325527d37dc5ef90c7dcf460395928d48fb2742fd5fd7b60dd64fbb7ba523d46cd658bd5bd85d492bac0a65a8d1634789b6d27ca119 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\hu.pak
| MD5 | 14d81146ec6e0ddf4b14fa7b2df372c3 |
| SHA1 | 9c77f0f0c959f2cb21e283b352176596a77992fd |
| SHA256 | 588cb3f8f455616281fe991d5d060a9bd1567dd439dcd5e76149ec88031ba568 |
| SHA512 | 9fcbfd48fec75f0eae99d78a7750b9444a77cc49aac8604fce7952cb42c021ce625cd2449897eefc4aa31056c7611b4db014306dca3e51cb173ba7ea6f0f5756 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\id.pak
| MD5 | d0517c1bf9a89e06ed2b510b9408e578 |
| SHA1 | 71494250010ed09b55f3879488d4566808a8398b |
| SHA256 | 19a6aa1cd288ae30461ac43cebd31b50919b2d949d586f877bbb1cda96a9f3a3 |
| SHA512 | 20b5465633ceb58cb28207885d83dbd30409b29b051fa9ff5a188550241f6f220ba8fb5d4bdb6abcb54dab34d1cffec5ddd783471e8d32b31d3a6d7730f0edcd |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\it.pak
| MD5 | 812115ccf85cb84b2ea167a16e16587b |
| SHA1 | 317e50a1c4c7d8c46554822b43a81a0d8237dfd6 |
| SHA256 | 52c78a10a5ec39bc046b594f4d89a311a26c6a29e475824dc3fb1a1ba4ac9f37 |
| SHA512 | 5fd4b625910bf06055eb8fed311284b1347f85c769f8c3e7a57d4d7d73e20576e873dd2f579b8aaf494ad4ee4885b6850060d4893d2ce43e82872161c93f3982 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\kn.pak
| MD5 | acab21f3fafc58f1f42016f33d032158 |
| SHA1 | 682f11e3c282724093179c85a7df7d0992495cd4 |
| SHA256 | 8031157fc7ee856546fb3551e1f54e36899656447c2bf3c6d48e69bf57137b7f |
| SHA512 | d96dfbcd561b10848e874d1b93a8f3326f2bcf4e06389facc0352edfb4a5b4ffae688d19b2eff6b0b8f125f1a1b449cae18352a61014986d5b3b354fc1bf6c64 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ja.pak
| MD5 | f8dcd5f1433d83464b44265449de812c |
| SHA1 | 47763205f105e19cadafdeb1cdec6f45001f2c58 |
| SHA256 | f932ba21d0857c5c92dd3d24e49f3fcc4f9423fe1e2180fe26f9c0bf669c8c3b |
| SHA512 | 76b8c4154f7de55e0ad958cd122ec650f3289bf4f92c03e45e6e03b6467d09387115d5894f19c1b108869a2ee02ce2d476cb2c943191e0fc42ad0183478a7eb8 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ko.pak
| MD5 | 95239fdef6e852df2d2e9d52dd99b622 |
| SHA1 | 360be5e62ac4573ee1a6bfa7effbe245c039862d |
| SHA256 | f77338aa0fe86f36cae03bd13c488bdd320c3abda336c8f464ee2b8a0b17e7ae |
| SHA512 | 0b09790b0fc21bb838ed6fcbfe2bb7dc41a7ab8d424a5057fc3bfb701be2b414e4a8f55980cdf4be116679c21116d24349d7b058f134fb959c7a040946594b0d |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\lt.pak
| MD5 | 6e6993270327064cad2ff0784f20585a |
| SHA1 | 924a2ce4fffee99f29cbee875cd5abab2e814888 |
| SHA256 | 848c219486a434ef18edde0f16be9bec475e2d7626e9d8064acf25d793fde434 |
| SHA512 | f6a21975836a64a9dbeb76005c63a19d450a3e9d1c9381fc7da23cb8a96a3e33da204ebb4a192e608154dc71e13c555fcf97e0fd262681f2fec54fe0f8ac6dec |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\lv.pak
| MD5 | e21a8a96d9f17e1f9e3ede2cb66eea9b |
| SHA1 | e3f456b5d238ce2095e7a51a4250fe26c361bfdc |
| SHA256 | 1da6722966d120bbc418c66068bb22b12911d11be94232786bed1a8ae5ce5090 |
| SHA512 | f0b4fedb0bced810a63e00321ee17ddc20b340e9ad458d6cd8598e4f6f0c26307421c0417def39add0e9df3991a910f67f54e8bd93fe7770e47e83e675c46f40 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ml.pak
| MD5 | 7dabd95b96d90662432026c0a9ae1c22 |
| SHA1 | 49eb49428d642bd906aed9b0b69870a843326efd |
| SHA256 | 50e5033485a6d2bcbdfc7eecd7ac26fe790a84642d9ff2c1e77fe976b18bf9a5 |
| SHA512 | 6a51f19543cd2e963bc83bb8a7753ccc3dc5a835f1e242338713dc01346f8716cef9c3304a618e7fd3db2224da6d0678959ff87007891ff4ead216ab452993cf |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\mr.pak
| MD5 | abcc39abc488cdbf73e44f53d74b15af |
| SHA1 | 982f12328342eddbacfbe45be577d839568c96e0 |
| SHA256 | 5e19425a057db47aaa1bbcada3406f916f80b230b1cdf2b224bd37b1074d3d54 |
| SHA512 | 7cdc4b00a33079c4724912b715614ab691395c45004aa7c2c265139e47af6785aa3309d9b8541387f56fbccba8043baca9925189133fc64265d385e5625b1f89 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ms.pak
| MD5 | 53e8b7262db4c5b04ba5b39c07eddb32 |
| SHA1 | 9cb8946966547630cee42de04eb8604e6bb5af86 |
| SHA256 | 45750905e13f94936534dcec30ced984001cbbba4f6fd4db0d31d2f470acdb2a |
| SHA512 | c71e2bd191c5ec6194e02f1c08aae008c57b292405e4c291832bdfeda656a5cb4a547f606d87d3f618afcf731b4d6730f22c0e99093f312a0a004e5d9fec7d11 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\nb.pak
| MD5 | bc1983b1c86badb361fe07031a93fa48 |
| SHA1 | 5bd14d7d7a335dd6457377fc0eaed07a56c369e6 |
| SHA256 | 229d8e46784f401eff51e12b10db88f4aa6ed62bc01271f830013b653807103d |
| SHA512 | fc9fce048283f24b0eb8b37a4fa5f3223e927cd68568817e5561d9ef4224a35d899b5e0b8b311b57cd50922970c6cbaabd070377d704f65fb061463ffed6a765 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\nl.pak
| MD5 | f1210067dc72e8c82444b2ad9a3f7897 |
| SHA1 | 3cf8c6fcb93a5f79fe6190aa0551d673887125da |
| SHA256 | d26f3e7f39231a9acd60285989ab5bda54039611ba2ae04ca5f79bc3195d4aa9 |
| SHA512 | 9339a285fc7db00b9a755d09a17b224ec15e3eddcfa60c5efbcebe556aff277cb6daa23a346a50bd1fdcf274a172c985fd74dcd362d635738f1734ffb466c00d |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\pl.pak
| MD5 | 31200d5726b3d1cfbe9ac3bc7138a389 |
| SHA1 | e82f0300046e7cc9ffa13223c11cbb94d62c0dc6 |
| SHA256 | 74c96e5308732e4ce800de37cf677d16ba05385b2af1c087819095c49b4074e3 |
| SHA512 | 8ad600725c9eb97a73293b63bf15a853d2e12bb6cec638a6e0f4060610486d3eb9e9bd5c10e607e569e6b631ae09b8d9df46cebc8bb962cec3adc0d63dc2f48f |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\pt-BR.pak
| MD5 | 7f150a17a11d43e395f571dd23951d88 |
| SHA1 | f8b8d6f89f63d92f04156f2b44b36b6045fd3723 |
| SHA256 | 72e1d3120d5f52f8485eeb2f0be4298d5af4d6f62a4d14e7d6ae2b635d89c0d9 |
| SHA512 | de39bb0dd9c8f948a67b9397789989aa900fa90249854181993cebea00717d45ba29ce56eb48b996b396e2b2236b580509a4ba127a190ed10d9ac3b91011ee2f |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\pt-PT.pak
| MD5 | 553594ab0e163c6375ebe75524095dec |
| SHA1 | 199a9e040d884a443e0ac6a2c7ed3fe914dc3fa5 |
| SHA256 | bf2cccdd3fa33d8c3b0fd145dda1d7f10d60645f0108e19f6220b43ce01d05df |
| SHA512 | 30cdb1401884bb87438d221834f70b384744babc474bccffefdb031808505b24adab34c039240b6cc8fa2a330613ccd32ffe1c28191c18c5ef402e86037a7ec0 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ro.pak
| MD5 | 06a36fa95702b38e749568037634828e |
| SHA1 | 9c584a9b7a0446fbc44bf5fecab71ab1312a592f |
| SHA256 | 833f661f135311ce8187cbc487c55178872430c678148d4084893cc7bb95823b |
| SHA512 | 33d24d85a4f4582676558ab049a6c1cabd482666c2847e941dd388b80b2ec62ce27175cd0e3ec176d1236a32e714e85138d3e6da291172e62d18acf3e3603076 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ru.pak
| MD5 | 12836eeb93367830b3b88b404449a3e7 |
| SHA1 | 2e2f66213fcb0ce5dc170753b8c11f9d96917d1c |
| SHA256 | f815b9cde0449c05949a9003f08254801cdcc8d9e5209d01af3136009b0c0caf |
| SHA512 | 7f71bd8ba800029495279c199aa99b96f075ca95055d512486c27a4bb1728c7312eeeeba09cf23259e7d6539f1c76467ac98e75b482de764375dd639e95333a8 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sk.pak
| MD5 | 9ce4e3abe9d948f6a89759d0ab188dba |
| SHA1 | 447e5c8803d0284c69ffb990ac0060adf93f4d25 |
| SHA256 | 5638f5285ae0c68e3a9eb09d6adb6d2eb3f9e087cc149c4a247fb9765a8ff6e2 |
| SHA512 | 78970073eee16097113f8f009abb43d9317cf3096640077cf9efb8139c92aeacba8ddab5dd948ff285732356625f3167d5c35701ff37b250fce251baa39569e0 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sl.pak
| MD5 | 7a75fa0fd3ddd471cdf9b15d3b3860ca |
| SHA1 | f07e3e136768501e69e76529011003bd45fcc0a4 |
| SHA256 | d34eeb1ff37cb90bf8c427b955f4349fbdc5eee4879141058d8d7bc76185a959 |
| SHA512 | e3f181728e9d925a826d3eeb275ad3f1aafd3aa98072977b515e05671bc4703aabf7dbac2e031201fe016d0024440d4d1d8c238b3f20c5f52b21e13dfcd5f620 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sr.pak
| MD5 | b2555a29076995ccf01580f0f1b2f766 |
| SHA1 | 284ed665f078620afdd6c7d074a6f9e26dbef1dd |
| SHA256 | 6eab9ba7e66ed290369b2f5d7b1efe7ef38fea2063f7c939e983008ec2692bd0 |
| SHA512 | a36e20bab44400828f6769c178f6340a5f7ec8dcff72a0eb513c9efc257a715027e9d562a4ae3e68d8112d40f9ed8401c165ad205b1e9c4325077e5d1df04feb |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sv.pak
| MD5 | 03154d7a3c69ec91714c799b86267a1d |
| SHA1 | 8671e9672002c58581488416f2320005140adedf |
| SHA256 | 3fba4e60d606c0f466df1cd2736ff51d7f882505fb21880a396deec06cdd945b |
| SHA512 | 0ac0d61f593f47597880d327d8dccbc00e8e5eddeb8beb8945628b7e91cb0b2496bbb68ff7f11e677cec479f41a4e8c4d2fd66301d5f6e5245dbde49b39eb4d9 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\sw.pak
| MD5 | 0dad65bd01e92ec4001c8377a3f6900a |
| SHA1 | 91353a816b6b1d0aa5bf5342b8f2bd430da57286 |
| SHA256 | 702d3d102308bd1e50698578e09ecac7fe33d625afac04db88905f83baf10892 |
| SHA512 | 98a9c3dcb03627e8e7cf7edbb41078d9c53e9787f28208fe3640805fdcc2bc751b5cdda00c2d796d6c947e26f7c3a401fc5506ee8648346f28227442ca831949 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\ta.pak
| MD5 | 7503d3994d48911a38370095f5c83ec8 |
| SHA1 | a98917d5de0cc237d226ad64792fc9840bec0a0a |
| SHA256 | 5eecb28f30fc5c08b5878ebec2ee565a73c91ea0198ed85a622a0d7c58a3ad33 |
| SHA512 | d0d3e085cfd8f8f1ca776597d209c5d3dcbfb81297ec79201def4dc395526954103da7e8e8b3a4335490b3fadf1063f29d552843eac0933a9f1ab050c8eb2ab0 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\te.pak
| MD5 | b5e9289d02b4963d292bbb4210e9ab5d |
| SHA1 | 48382ab36b77cbec280833f587450270b5080a85 |
| SHA256 | 6cba41edf887a8a2d84c2c1c696c562ad63ce8a105ef8574a1a27b294a211dc9 |
| SHA512 | eaf3889b21cc73ba3913448ef10765611e91325ddc781216769b4f8c4486897aa8429dcfe511b7505a17877012063ebd41fb4645102448fdbbed834d001f0912 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\th.pak
| MD5 | 687a80e1cb637003c3e5f05d3f4b89b4 |
| SHA1 | 1dfdc6cfa02fd1671cf39094ad4b93109bef48f6 |
| SHA256 | daabec4c467127faab67c690f9dd11beb0e2c432434a20f2f79318816ecc7654 |
| SHA512 | 30fc3cbfe3daf369f9baf7fa4c287f62fdd6ef3b6363cf2dd88e45667313cc00317b1a52f77e904381ee4be1f7f5c2f73c2a6467c116a1210b36f8287beee99d |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\tr.pak
| MD5 | a38eea92c514716b8ab019ab792bf541 |
| SHA1 | cae203c3ed63807d4f2d89333540556b5e92e161 |
| SHA256 | 54bc687a851cb3227cc3a937b229009c0af8fb25a1900b7fe71f6e6d58111ffd |
| SHA512 | 835e47d550097ea4ae3717c0cc5023ba14bfa7524ed5cf361e21011976afbcae1410061e46089e25bca467c63d9b0208cd18ba1ec606da02c5b430fb1aba409d |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\uk.pak
| MD5 | 6f2f1b073ccef426c7eb49362123f2d0 |
| SHA1 | 048921ad0cba17256e9838257d9f47969cdf6172 |
| SHA256 | 57d93d9ed2974f7f0995e63f4c7af361c05a8ec3e9e25b796328d3e0b2a5545f |
| SHA512 | cc0e5a7098eb0b590f4d4a6ffa531250af9a2c6c6c25765f572f3130b7bb7d669f2737d7d8b70de48293ec1ff9c5dc5dac94058f3d8e431a7c24a5795906e5b0 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\vi.pak
| MD5 | a01c81f3bd56d52c205ce6742dfe52c7 |
| SHA1 | 3d325a2885ca11cdf69d17d66fe5048bb0c8bf25 |
| SHA256 | 8a44b3afd24cf18ff88ca06a33ed8accf548692b457b013e20f49ac5045aa96f |
| SHA512 | e348d9b1fd0df16f711a76de1daccf8425529787e5160c61207aff903ca3389f0c56b185283452d0af36ead503322b93b02deb28b9f72ed85d157adcaeedc503 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\zh-CN.pak
| MD5 | 376ef5a6f076a9757f58d7b10526eb73 |
| SHA1 | 9b5d3f5084990d67c8a8541cd8d7fd15ec424e0e |
| SHA256 | f720baddbffa45c3a0852de11c5049ec95a3b841db45c91362064c80e7d6aaa6 |
| SHA512 | e089213cac8ead755c938069a1f00cf2a8467db8f809b50a6933eff9825a9f1cfd775186c8b5c9b1f598813c9eee654036b47b6814ba1f58d7e447a87511b21c |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\locales\zh-TW.pak
| MD5 | 3d230011248333ed6cee72f667c8df45 |
| SHA1 | 4114f307a31516bb6309fa9fc2572722b8d93d24 |
| SHA256 | b1a56725808412e48a499a534ccfd7e02c361f007a5b1cf063a11d6a308cc9e1 |
| SHA512 | 442f56c0df77cfdd730b89b9c1e086f17665aae0c222a7ffda418bcddd18f9ab96236fe7cc558ab9f87c31a50d78d50157b1e2d3b4c175b6c8ac85e053157f9c |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar
| MD5 | f6c6ad773f93816165c624116e9d3419 |
| SHA1 | c360da20299d5c3cc048b7779e7649ac4aa5326f |
| SHA256 | a6424c4b281f19eb973d47083ad641ef45b534daea729215c8dbf5f89faa8d89 |
| SHA512 | 01667b291a6bc1dd735efaf03ab0b0a6b0f00a698e15be905a0101620e8cdaf77d5afbf69b5c11baf5ba4d39b476ec5417ed35b815284f0fa8f198b890fb5b89 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
| MD5 | d226502c9bf2ae0a7f029bd7930be88e |
| SHA1 | 6be773fb30c7693b338f7c911b253e4f430c2f9b |
| SHA256 | 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f |
| SHA512 | 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | e7dd19ed46c7a21d0101d1a5cc0fe39b |
| SHA1 | 89a51cd7d4c7a6f3dca571b24bce726568292ea1 |
| SHA256 | d8d1b787de2e2dae70ebb21dadf734dd11ceac03f9a873c911f4b2e2477b745c |
| SHA512 | 921f276efa055eb4136572e889e7741bd3fd776065f70495d6ede7d1cdf0cc933c67f9eec82bd5a5d30f77ec8bfce83f46d00e65ba1488ff95ee38004567105c |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | f6fc51755690e7ae2380d7606c0303bf |
| SHA1 | aa98430be7f0591b054b52db556d032c5e8dae3b |
| SHA256 | 7747ba44a1caa758106d3a2a67438933cca7e7ede2d564c2fa7be2b11b206506 |
| SHA512 | 7974b4f1c64d512d0769e8d991b30a28697d561dd0e20927835059459a6f14d3ee5b04a7454e744481f10b1281a5b6b3091adb3212b59527528a35e05c57fa78 |
C:\Users\Admin\AppData\Local\Temp\nsd4CBA.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\b68192e1-03d9-4104-aab7-85b22fd2bc3e.tmp.node
| MD5 | 8982448cb4f28b82876befe6e8af25d1 |
| SHA1 | 4d3b2fb5b42fc27c1ac9363003abc16ada188581 |
| SHA256 | 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38 |
| SHA512 | 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b |
memory/2092-570-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2092-604-0x0000000077720000-0x0000000077721000-memory.dmp
\Users\Admin\AppData\Local\Temp\56f5c6bd-6cbf-4d1b-90e0-3f988c8c64ec.tmp.node
| MD5 | 30af610789f7032760077d9c1197d0f3 |
| SHA1 | b57027046f9c7b3d4cda0aef5c8baa334b6fc339 |
| SHA256 | 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722 |
| SHA512 | 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Cookies\Google Chrome_6lxhv8bu.default-release.txt
| MD5 | 34fc9231ffc47fbc0467da57069ab062 |
| SHA1 | 150735ca67297ef0c51b6ab5637dbea011040eda |
| SHA256 | 668b13b9be41f23d5c901b3e439d2169f44a6fe9f1edc4fc74a32725cf89cf34 |
| SHA512 | b69babb5f295dc6a73a24e5632aedcc017a210fc4226620ba8b04fc77ff923f67b87919d0517256b4a10f0f04bc42e849ac122efc50d4286c8b436d754b81a3d |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEE6756CA40A84DB792FAA492E7773E.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES416.tmp
| MD5 | 0eea8060aba5a2e760d3047c7c7d7572 |
| SHA1 | eab5d5578dea828adddd39c6d5337bc47f440ff1 |
| SHA256 | 63c221f177b4ed44d954273349d640e9e60e449805bbea42e56d9c2b0cb0f025 |
| SHA512 | 5dcc8d6063482cff7107d0d3fa281ef432ce8b3c8b209429022962822a1eb94cc452d3510395485bbd861d29c6386ab106129988dcde8b43a70e1551e31c9eec |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | 7d7c9699cc45499ecffc2b8660de35dc |
| SHA1 | 475cdb5568084165875fad487fd3d20608c6b101 |
| SHA256 | aaf1a5542830b8b00b8beb4b6cd8d3e9c06fcc329baaaa985bb7dd5420be552b |
| SHA512 | 04aaf3609a99ea26cd8abc687afd2f1bff7cab75469827337de3a32f4f22dbf43270209d47f4d1413c22ff7c54ce76bfaccd98ea13cf91ceafe0a134fa606c4f |
C:\Users\Admin\AppData\Local\Temp\RES417.tmp
| MD5 | e51d91dd4cd2e4e43cfd5e0f2786b1d5 |
| SHA1 | 26296d1068ecf374b60bc1b26764cbbf57a77a13 |
| SHA256 | f835af1bfa88577e9b1b60d9937cc91f81c33c77347050a558f9c3c13a3cbe99 |
| SHA512 | 2050c4e94613c146a72558af8601895d957c1af1a8bb59060f2ef86c4e9f412c002d342da577d2cea937066ffb5ca06b62ec12b54781bf002d408c5d652b8773 |
C:\Users\Admin\AppData\Local\Temp\RES419.tmp
| MD5 | 70341246c4d3c6b62bc297844cf20ac6 |
| SHA1 | 4be19c046d62b377ddaf140ca8c79ee06ee48905 |
| SHA256 | 640cc24d17b95f39bec5a9d3bd3fda8ecf9066f3cf6a9b1babb62c2facea91d1 |
| SHA512 | 86338affef78cbbec5685133e1486e09cae82239dd507165e6f78f42f1fffb6ddd6079450595ae5e0f6c642c3d1dfbcdfff803199d1ef96d11c497cd0a1ed042 |
memory/2724-835-0x0000000000FD0000-0x0000000000FDA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\202438-2400-1jav8qm.gty9.jpg
| MD5 | da380d89f5a32d6a6410a8093adde6df |
| SHA1 | 44c25970ac92c2cde871a887d619b976f2ed0688 |
| SHA256 | b6846e6cfffeafc3de54ab6013bb8527a3fd852ae93f6690ee946c71e2c7a0bb |
| SHA512 | 4ac5bec08a36cebe799343e40298747a4e7052feeec0ab74ceb84e812c381fb6bc05b46434366553a6548e45a96c037bcff1e94c0d700850c4f790cf83af8009 |
memory/1804-913-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2624-914-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2948-915-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2524-917-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2988-918-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1500-927-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2724-920-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2356-926-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/3068-925-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2740-919-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2532-922-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2560-924-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2228-923-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2456-929-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2404-949-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2956-955-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2432-959-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2404-962-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2956-963-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1632-969-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1928-972-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2672-975-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2588-978-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2128-985-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1804-986-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2660-989-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/944-993-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1632-995-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1928-997-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1600-1005-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1308-1008-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2588-1011-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2672-1020-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2128-1022-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/944-1035-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1308-1046-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2576-1049-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1600-1052-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1940-1060-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2160-1065-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2484-1069-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/296-1080-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/680-1116-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1924-1122-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2044-1142-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2088-1145-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1480-1146-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2976-1149-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2336-1150-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1880-1151-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2324-1152-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1728-1169-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2652-1170-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/1384-1225-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2000-1228-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2092-1226-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2096-1232-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2672-1236-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/3364-1247-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2796-1268-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/3180-1282-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/2644-1285-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
memory/3244-1288-0x000007FEF45F0000-0x000007FEF4FDC000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240221-en
Max time kernel
153s
Max time network
164s
Command Line
Signatures
Epsilon Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" | C:\Windows\system32\reg.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1068,3550203540164706208,1417463853522039480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 /prefetch:2
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1068,3550203540164706208,1417463853522039480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,3550203540164706208,1417463853522039480,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=1552 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-py86ls.60cvg.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-86j721.26r8q.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mb5nhi.q17fj.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-b1bkya.85tpi.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nv2urs.r81fr.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-l6v6v0.711sa.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8640.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5E211B12189341A0B557367A1E654F2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES865F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC871F6EDB20CC4F219AEA6E4A9EEABE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES86AD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCED626FAAEC4349CE8D48CC1198A6820.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES86AE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC7BD249F546549E58BD6DB4FF03ACBDF.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES86AF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCB32967F6E35C4C9D8134DBF7CFC9734F.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-b1bkya.85tpi.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-86j721.26r8q.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-l6v6v0.711sa.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-py86ls.60cvg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-kz6izo.j806q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-kz6izo.j806q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qfhdpu.18ft.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qfhdpu.18ft.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1kskgc1.u402.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1kskgc1.u402.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8xmvs8.ili2n.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v2t9ob.inin.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v2t9ob.inin.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8xmvs8.ili2n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lydjwj.cvoe.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-kvy2mt.p1gc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lydjwj.cvoe.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wc2huk.mp41.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bbor3k.05hc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-kvy2mt.p1gc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvql3x.91dnm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-gafv7q.q937v.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ee4xrw.lmdak.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bbor3k.05hc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvql3x.91dnm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wc2huk.mp41.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-gafv7q.q937v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sz4o97.1uyy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ee4xrw.lmdak.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qeaoy.06gpg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sz4o97.1uyy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nmo9k1.fje3a.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1390660288701929901-11120293981074595357305790223-776837148895447545-820031191"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qeaoy.06gpg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-yswbpr.wpq4q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-131buq2.xdbuf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nmo9k1.fje3a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mfapfr.lz70i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hilg3n.0eiet.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-131buq2.xdbuf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-yswbpr.wpq4q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-e7nf7i.2l3k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mfapfr.lz70i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hilg3n.0eiet.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-x3uad3.ks1m9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-e7nf7i.2l3k.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-x3uad3.ks1m9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sm0ymy.eyxe.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sm0ymy.eyxe.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-jp4k37.w7b2l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1vy7cty.jtmm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-jp4k37.w7b2l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mdkhe.zil2k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ke5w1l.0m0a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d6q8sg.9wzr.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-l7pjl9.3zoq.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-148746198818507658891898604110181438266712215694231496782642892673052-1003217195"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ke5w1l.0m0a.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-l7pjl9.3zoq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d6q8sg.9wzr.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1vy7cty.jtmm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-e6il5p.c6r8k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mdkhe.zil2k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-elq0t.6wemaw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-50loox.y14l7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-e6il5p.c6r8k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-19us4fh.9duvg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-50loox.y14l7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-sq0cyq.nk37.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-elq0t.6wemaw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-19us4fh.9duvg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1r0gbwk.qm5kk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-sq0cyq.nk37.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1r0gbwk.qm5kk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-zfi6t3.cnbn.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d63gik.8egwj.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1915970101-926863811-912031410413356617-1211453020-31825253860025108121061283"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1d63gik.8egwj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbeh8m.t7upj.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2287985647411462771576588833248765081-678710452870895755123305918-540496857"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-zfi6t3.cnbn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-53xzj3.gyl8j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbeh8m.t7upj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1co6sdf.rv4i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cmxpnp.kv0ml.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1138645684-11746978009661092961081448571-2015875496-12288875841941277986414171339"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-53xzj3.gyl8j.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1co6sdf.rv4i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cmxpnp.kv0ml.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-thfwt1.s0uvh.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-835899565-164628960220768153991456804346-820918856-1041741829-9682774571271552959"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7z2vn8.evo3t.jpg" "
C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-thfwt1.s0uvh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-btooft.s3yyf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-btooft.s3yyf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7z2vn8.evo3t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3rrpfc.fq57k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3rrpfc.fq57k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ot2cc9.cq3r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ot2cc9.cq3r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10q68iu.uqej.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nxgiz6.28in.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10q68iu.uqej.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nxgiz6.28in.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qvpoa.8svl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1y5dljd.4kil.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13qvpoa.8svl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1y5dljd.4kil.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-u5yd6n.pi66.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nj3d2d.n3ft.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-u5yd6n.pi66.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nj3d2d.n3ft.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1g37ex7.qmkk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1g37ex7.qmkk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cux08z.coekr.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ty9mgt.51q6g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cux08z.coekr.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ty9mgt.51q6g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-sncd3a.u1o6q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-sncd3a.u1o6q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-103v5zy.4qtc.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1342689862-892618792789651934-87194425194823854915907408151170289222-1501014583"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-103v5zy.4qtc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4zcoh6.6gpze.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "272767144-9919328621086838078-620614762-11571115759254417-9003082991247864701"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4zcoh6.6gpze.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10ko201.1qxm.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-821216625-127421257510740361672058508003-1223577960-1833849867404516550-159376406"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10ko201.1qxm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-pe4fis.b89j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-pe4fis.b89j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-d9yk8g.313ga.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15903933318147790701397869580-1396237230-581025646-4079790851817766641-266517051"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-d9yk8g.313ga.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1veifwu.fcf2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1veifwu.fcf2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qlpb0m.o4ci.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19001946901320869306-22017333619494108291062236521-1932315489-15514909461017032846"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qlpb0m.o4ci.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1oz9cku.kxxn.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "96220166020935856441950580243-497532681-21224376331955177114194236365-1574425745"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1oz9cku.kxxn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rh4h4y.rzmx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rh4h4y.rzmx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7fj4gc.laepw.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1094909754-11216129611699515501864267994-1910768820-973400534-19736536521296258419"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7fj4gc.laepw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15ur9w2.nzg3.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-88299912612088293081486043863-302921605-1964358713-20115163241698717329-1857286793"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15ur9w2.nzg3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1c9dikk.zsu7.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-722485005-1802656232-1575017864712180026-1846131317508984664-221480749965573906"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1c9dikk.zsu7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1a1d6wu.pue9l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1a1d6wu.pue9l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mw3um1.iyzy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mw3um1.iyzy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18uu6ch.1wq9.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3294971941241939696302025681-1901118427506161051462337151628584151666659738"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18uu6ch.1wq9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cdsfqw.2zh6.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-790608816-18721156504654741341269223065-945171304484221474-1920255775-1671006200"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cdsfqw.2zh6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fm9x80.01kib.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1073475545-423539806121205795214718005961324272297-125473912-444408593-1435910746"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fm9x80.01kib.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pgw2hk.9vez.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pgw2hk.9vez.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-q8q2yf.ojrxg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-q8q2yf.ojrxg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fjfpfb.7y8ae.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fjfpfb.7y8ae.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ep4ext.9ly2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ep4ext.9ly2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t10ix6.uasc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t10ix6.uasc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10hz4qn.rgy9.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1436379277-6833393581802314671050966155-18212480631833022043-234768866-2083577235"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10hz4qn.rgy9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ue5yby.8pwh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ue5yby.8pwh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-5gd4an.tvmio.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-5gd4an.tvmio.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fqh85l.omhq8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fqh85l.omhq8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ahnqce.mkvt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ahnqce.mkvt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8515oh.d60ra.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8515oh.d60ra.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1brxvl6.bh7e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1brxvl6.bh7e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-edodty.f6aw5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-edodty.f6aw5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-19oriwn.kyaq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-19oriwn.kyaq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mwstjb.c8j5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1mwstjb.c8j5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-16uusvj.64sx.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-395112252-553869214-19239881943409372718151863971247180479-1977324615-1173495686"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-16uusvj.64sx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1652fje.buj3h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1652fje.buj3h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-troxxq.qrogn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-troxxq.qrogn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cvlkti.iyoqp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cvlkti.iyoqp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6pptx7.4snes.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6pptx7.4snes.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jghz38.gpye.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1920554351268590743-156386384-246256415-16756909591980151720-2248233381150478974"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jghz38.gpye.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-150g80p.899mj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-150g80p.899mj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ne748.owdbv.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1f5lhf.b8n6oh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ne748.owdbv.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1f5lhf.b8n6oh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u8qynt.og4i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u8qynt.og4i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-larccv.rsesq.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1634319692-1947296818-620784034-1256473535-655247559-1168279871499330279-912954788"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-larccv.rsesq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rpyopc.pcmx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rpyopc.pcmx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11vdxz7.7gl9f.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-220254894-962159915508562145-1887347571-1718106185-1046197813346179661007999333"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11vdxz7.7gl9f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ej3yj.vltst.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ej3yj.vltst.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hh5471.ccm3i.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "192603024915017650491795304210-17244283311008553423100447155-1042555320287370149"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hh5471.ccm3i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-g5an15.s8pok.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-g5an15.s8pok.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-66dicm.47uar.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-66dicm.47uar.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7b8qr1.bdiw8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7b8qr1.bdiw8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tfb8pc.o22bk.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-125822822715529728905690384526039689261093722630215622569-1656198465-1269131388"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tfb8pc.o22bk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1o88bwy.25pu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1o88bwy.25pu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fjoizb.7g2g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fjoizb.7g2g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1577sa2.c82t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1577sa2.c82t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-jq82h.j116xk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-jq82h.j116xk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sh6hvg.slna.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sh6hvg.slna.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11azzkw.u4wd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11azzkw.u4wd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-gi8u5n.v9fx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-gi8u5n.v9fx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1atqwk.hfyvj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1atqwk.hfyvj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzr1eq.424tm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzr1eq.424tm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1y0h6.jrf7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1y0h6.jrf7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tlz3nd.08cm.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-185996109086214571516854240121799221389-1093383855993032542-17066936751807441971"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1tlz3nd.08cm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cz3h8c.00z5f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cz3h8c.00z5f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-i6dpmv.fc8af.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-i6dpmv.fc8af.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t4jbik.xpv2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1t4jbik.xpv2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bkisqp.jwbw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bkisqp.jwbw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18a34xp.ngqs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18a34xp.ngqs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-i0zs2x.8d3lq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-z5qpms.ou5gm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-i0zs2x.8d3lq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-z5qpms.ou5gm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6e1sur.kn3y8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6e1sur.kn3y8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ksrdqf.jl66s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ksrdqf.jl66s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nadssx.qxmg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nadssx.qxmg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1e2kifr.cuak.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1e2kifr.cuak.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18lae83.uxcrf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18lae83.uxcrf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fziwrk.85nkg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fziwrk.85nkg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-jf8wcc.t9s2r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-jf8wcc.t9s2r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-14uv6jh.86pnl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-14uv6jh.86pnl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1m47761.evms.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1m47761.evms.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13c4k9s.vy8b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13c4k9s.vy8b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ylll8.b6fzh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-6ylll8.b6fzh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-u835rl.h9rc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-u835rl.h9rc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hgmpw7.6qymc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hgmpw7.6qymc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-114xxgw.p2ry.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-114xxgw.p2ry.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2moxut.lxnz3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2moxut.lxnz3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-a8nvip.kzyqm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-a8nvip.kzyqm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-g24x0p.wiw7j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-g24x0p.wiw7j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7oi2oe.azl3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7oi2oe.azl3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13p9owr.pb0y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13p9owr.pb0y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-t2e0vt.y5nz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-t2e0vt.y5nz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ttk3dm.cp508.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ttk3dm.cp508.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1yjx1q4.z1s6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1yjx1q4.z1s6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15sry88.6yol.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15sry88.6yol.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15r9dz2.7yli.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15r9dz2.7yli.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ltgplp.y8ltq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ltgplp.y8ltq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4dfe0f.8mcc1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4dfe0f.8mcc1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvn9ew.1dwp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-vvn9ew.1dwp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-tyeg1y.mee1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-tyeg1y.mee1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lwivdl.123s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lwivdl.123s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hncyyy.qerek.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hncyyy.qerek.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ev2aba.gkaat.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ev2aba.gkaat.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11ycx6u.i83g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11ycx6u.i83g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gm9vk2.zrpb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gm9vk2.zrpb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1od2mze.rudv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1od2mze.rudv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-a0dzsx.h84va.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-a0dzsx.h84va.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1j6fipj.k26z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1j6fipj.k26z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nni3c9.emq8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nni3c9.emq8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-dyr32d.wv7wr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-dyr32d.wv7wr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5f3a1.exp6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5f3a1.exp6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cui8wm.k87h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1cui8wm.k87h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-wn1m3f.dkwx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-wn1m3f.dkwx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gtbt2w.xhj9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1gtbt2w.xhj9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qeczfb.6tv3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qeczfb.6tv3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-71jxqo.p4c8b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-71jxqo.p4c8b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-twht0l.jahb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-twht0l.jahb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-r4h547.sfd7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-r4h547.sfd7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-12ndgcj.ldmel.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-12ndgcj.ldmel.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nog1hc.qhje.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nog1hc.qhje.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-j09fli.83qln.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-j09fli.83qln.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1if5dbg.wx55.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1if5dbg.wx55.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8a8ke3.yb03n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8a8ke3.yb03n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u5tto0.2zhz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1u5tto0.2zhz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-10bi6zn.lv2o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-10bi6zn.lv2o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-8jd0it.ndvlt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-8jd0it.ndvlt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sqcv6z.ui4jk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1sqcv6z.ui4jk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ijljl7.q0i9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ijljl7.q0i9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-bhjv2e.zz0w6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-bhjv2e.zz0w6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nw8g3d.v719.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nw8g3d.v719.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qdbepp.w6vt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qdbepp.w6vt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-fdfoch.wchol.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-fdfoch.wchol.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-g1sijh.xdpwl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-g1sijh.xdpwl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-iaepwf.o2hbd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-iaepwf.o2hbd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-red1di.3q4va.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-red1di.3q4va.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ws7rn.bbky6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2ws7rn.bbky6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3pkh58.86ae6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3pkh58.86ae6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ctmrf6.nr3nj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ctmrf6.nr3nj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ff3tij.grjb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ff3tij.grjb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lffb1q.89p1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1lffb1q.89p1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-k3enhf.21npa.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-k3enhf.21npa.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qn2ytq.4x8o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qn2ytq.4x8o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cdfw96.vjabh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cdfw96.vjabh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fzn84w.yvoa.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fzn84w.yvoa.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-7u5gk8.k39q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-7u5gk8.k39q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-r9t7rf.62o4g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-r9t7rf.62o4g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1448z.nz5y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h1448z.nz5y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-155nb0z.hrm5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-155nb0z.hrm5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-16rljkz.ontyl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-16rljkz.ontyl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-18kkcpq.nrjt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-18kkcpq.nrjt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-owxrd3.l2n9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-owxrd3.l2n9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ox9p3a.ys8i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ox9p3a.ys8i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-100u808.3g93.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-100u808.3g93.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qxpdv6.5o62g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1qxpdv6.5o62g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jf51sa.gfkx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1jf51sa.gfkx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzrl5h.c0uyc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-lzrl5h.c0uyc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-rs6w2i.ozb8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-rs6w2i.ozb8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-rzdz8g.hv0wq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-rzdz8g.hv0wq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wf76y5.rpz5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1wf76y5.rpz5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v9eytd.bkt8h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1v9eytd.bkt8h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-zadrzs.qc94i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-zadrzs.qc94i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nerp2r.7sxrg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nerp2r.7sxrg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-706hk5.m5rdb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-706hk5.m5rdb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-142aky1.3wuni.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-142aky1.3wuni.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1hyn06f.bm3x.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1hyn06f.bm3x.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-12aia41.8ixt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-12aia41.8ixt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hu9yq9.fg4l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hu9yq9.fg4l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-aewi5c.jhaap.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-aewi5c.jhaap.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1octojd.j16w.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1octojd.j16w.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-eixevl.ny8vl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-eixevl.ny8vl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ktu4j.fytlu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ktu4j.fytlu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-imq22g.7eroc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-imq22g.7eroc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bvr2rr.mxuy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1bvr2rr.mxuy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-za1rtu.4xf4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-za1rtu.4xf4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ul2xdl.m6qp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1ul2xdl.m6qp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nexojy.zcvs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nexojy.zcvs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-15qwz1c.cya5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-15qwz1c.cya5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4d8otc.tm9c7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4d8otc.tm9c7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ib963.v7hb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-3ib963.v7hb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rsdo7i.z6vz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1rsdo7i.z6vz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1n1zyik.6lxr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1n1zyik.6lxr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-w9jwjv.yv8u.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-w9jwjv.yv8u.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-2snzva.3xl7s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-2snzva.3xl7s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-19m0xit.g8rnl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-19m0xit.g8rnl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ewow8o.kv0ps.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ewow8o.kv0ps.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-hr0qjh.96xhc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-hr0qjh.96xhc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h8d3l8.7b6di.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1h8d3l8.7b6di.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p4zlq1.yrhr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p4zlq1.yrhr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-11q6xmx.yfu1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-11q6xmx.yfu1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndjdwg.8vtx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndjdwg.8vtx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-du8tl1.asdtb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-du8tl1.asdtb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nmvihz.drcih.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1nmvihz.drcih.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1aho8le.0em7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1aho8le.0em7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-nq92ru.smti.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-nq92ru.smti.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-110d9tb.tgbo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-110d9tb.tgbo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-qo5ile.y5jcg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-qo5ile.y5jcg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pkhs36.7hy4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1pkhs36.7hy4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-psuv9f.16spr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-psuv9f.16spr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-4v3z1e.7zoyx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-4v3z1e.7zoyx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-5yamk1.42lzx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-5yamk1.42lzx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-pammdc.p824.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-pammdc.p824.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5coi6.j09yn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-k5coi6.j09yn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-9dfx45.zyjga.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-9dfx45.zyjga.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbufl.v2capm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-cbufl.v2capm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1po3pj2.dw1q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1po3pj2.dw1q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-f3watv.2ut5h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-f3watv.2ut5h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ku69fr.ccg8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ku69fr.ccg8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-57xsrk.g95ej.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-57xsrk.g95ej.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-16bns77.iyd9g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-16bns77.iyd9g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-p254td.2qvhc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-p254td.2qvhc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-atdoeh.9m0g6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-atdoeh.9m0g6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-m6c3tz.k719.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-m6c3tz.k719.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-zxzz6a.84e7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-zxzz6a.84e7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p46fj9.a4fv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1p46fj9.a4fv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-13xi2ed.as0h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-13xi2ed.as0h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndvjm8.smbe.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-ndvjm8.smbe.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fktqdh.jm8t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1fktqdh.jm8t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-n5q5xa.pt3jp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-n5q5xa.pt3jp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-1184-1x0npd1.cizk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-1184-1x0npd1.cizk.jpg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | tcp | |
| US | 172.67.176.119:443 | tcp | |
| US | 172.67.176.119:443 | tcp | |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
Files
\Users\Admin\AppData\Local\Temp\a9dc2ca7-5023-465f-8f1b-de82c74c40e4.tmp.node
| MD5 | 8982448cb4f28b82876befe6e8af25d1 |
| SHA1 | 4d3b2fb5b42fc27c1ac9363003abc16ada188581 |
| SHA256 | 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38 |
| SHA512 | 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b |
memory/2644-5-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2644-38-0x0000000077DD0000-0x0000000077DD1000-memory.dmp
\Users\Admin\AppData\Local\Temp\3fefb00a-7199-4ff3-a098-556ae83f30b0.tmp.node
| MD5 | 30af610789f7032760077d9c1197d0f3 |
| SHA1 | b57027046f9c7b3d4cda0aef5c8baa334b6fc339 |
| SHA256 | 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722 |
| SHA512 | 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCED626FAAEC4349CE8D48CC1198A6820.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES86AD.tmp
| MD5 | f387b9f24ebec14c2e96bec2ebbdc6e0 |
| SHA1 | c24ea0fd40a502bad969ad8f6eb9e6508fe96300 |
| SHA256 | 710094f940ac81215c2b3cc8cdf4829703bfa63d599620844396adad89e9564d |
| SHA512 | 8d994bb1a8f9217e044b32f342f510924eb55657618c936bca9e682fe732e13607da145f16f46471a4f81882b7ce7dc95fd26f730df53814353b7c9dbcff9e4a |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | e9c3f8d68ea1582e54d1dffc2c5408ac |
| SHA1 | 18e463c1c02af09175423a8e5b91f0b8b9010f63 |
| SHA256 | eed14a62aafc15c627dd0c56f9c551648be5d136edc914f812ef6a66eb6f726f |
| SHA512 | 72051e902253bd6e46fc18f3d45d8744f4f8a43a216d32d27e7ac9a838c017c659cd656ac32c0eb699ec0df00bfdac0972ffa637501224219040c7b30cee17cb |
C:\Users\Admin\AppData\Local\Temp\RES8640.tmp
| MD5 | 51d258cd08750e75f16a4f1fb791fa99 |
| SHA1 | 3de2eb432b554d513fed67beb220469c7da80aab |
| SHA256 | 35d7a7b33f2f7dd505d44a33ffa34d117556e265f9ccfb4befcc607a9db9726c |
| SHA512 | 2994829148da7bd411a802b7fca882465c8d554bb02a4b5a7d6c61a73695a7a5b66064ab076b12239f2196d925a21a7facc31a3f7eb1056f1ed704b069051a38 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | de84e425e0f0d034882d28b68298cae7 |
| SHA1 | af1f3d3667da76c48a559d127413c73eb75e1e5c |
| SHA256 | 6715506baa734be2f2b70c73a73800d0a05f49bdfe5181297d21594054ce5f0c |
| SHA512 | 8b9839f345092e387c6770bbc9e8d65cdf9cfa5c7d71a31c340500c7965798753635443da3f5d8b5d0c6f54b7a20fd03e300ab7720523d212ffe17425d4819ed |
C:\Users\Admin\AppData\Local\Temp\RES865F.tmp
| MD5 | 196e90a6e9968e34e34582233144d063 |
| SHA1 | 05cdcb3838c39b3a457789f6ce8192b8f7651e24 |
| SHA256 | c5b078f163f211a3a79054c31b1f46bcbf5bedc468a9fbbeae8c4905fb0d27fd |
| SHA512 | 5ff5ea281889ca800f4118374e93672a0253a378fcf4c55099810a1b88f2f28fbf10298919239fd125413bac02001f6aff12e8ec4ea79762b33741d558655343 |
C:\Users\Admin\AppData\Local\Temp\RES86AE.tmp
| MD5 | 6b2b032747dba1bd01d3ce04b97baf48 |
| SHA1 | fdda947a5ba3a94f8e2cef0d07d54a9d4df4061d |
| SHA256 | 6241b149c191545585ce18bf6ff6933e19657e8966a34cde78c0064976245270 |
| SHA512 | 333768c444fe8d2cb547ee9c9e83d52c59745997b214513f39bb2e4fa89df7f64749e5044c3b4ca1a968d28a4ee2ded8fd876b338b361dcaa464a612c81dc94d |
C:\Users\Admin\AppData\Local\Temp\RES86AF.tmp
| MD5 | 6b1640bdec0284b05a25329f107bf09b |
| SHA1 | 86bb38655acb9d5dccbe08f4d41ef8ded675db5d |
| SHA256 | 3218fc2e608e54f5e5d28b27b9b2035bc8250864d9ded75f012796d70e038076 |
| SHA512 | 6a91d681f0c5b036c938ee417b92205850b1e7d3ec926ccb029841ec175bf0e2c61633a494d16065c8d03c5acb87d133aed20f3b734595ee620c18a3f218e423 |
memory/2540-186-0x0000000000F10000-0x0000000000F1A000-memory.dmp
memory/2748-202-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\202438-1184-py86ls.60cvg.jpg
| MD5 | b6fdf73a72b204bbd9e4cc7c1f0b3da5 |
| SHA1 | bfc07cd18697af9d2c1f8b896de719baccbbe443 |
| SHA256 | 7968dda27479ee8b3cbc3abc7523e42234a6854782e49ee98ea1405d527b3495 |
| SHA512 | 5de6eb47e38cae06160e59185f2ea5475b7991d919b1f27fdf37f1ad48d29f21d05a6b80d541613ef66ebbf0a82df04ef5f1f9c789d215b68f49dfaa11ea894e |
memory/2580-203-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/3068-204-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2540-205-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2384-206-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1700-207-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2516-208-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/592-221-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/888-227-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/592-233-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1700-241-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1620-245-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1796-257-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1280-263-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1280-271-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1848-265-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1848-275-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2976-278-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2324-283-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2092-285-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2636-289-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2636-304-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2540-305-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1712-310-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/112-317-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/112-326-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/888-319-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1620-331-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2000-341-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2660-346-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1796-352-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2000-355-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1912-337-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1824-361-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1736-368-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/648-371-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1824-370-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2244-377-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2796-291-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2244-383-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/648-390-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1328-396-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1328-393-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1560-402-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1848-400-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1240-405-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/432-417-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1848-418-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1240-419-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/432-420-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1560-421-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2796-422-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2324-429-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1524-435-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2732-437-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2732-445-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1632-444-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2084-446-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/1736-449-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/112-454-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/112-460-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/2084-458-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
memory/3052-464-0x000007FEF2C20000-0x000007FEF360C000-memory.dmp
Analysis: behavioral21
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240226-en
Max time kernel
139s
Max time network
159s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES96D1.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC887F58CC71C147899F32B7B7DFC0349D.TMP"
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
Files
\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC887F58CC71C147899F32B7B7DFC0349D.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES96D1.tmp
| MD5 | 9eca00e2e8bcf3addfb338b33f45eb62 |
| SHA1 | eef50b9390906a982b45d40029192f6ab575a8a7 |
| SHA256 | 542dcebe95633721d7d3845362539ad5414ca95e77849255c17875fce166269c |
| SHA512 | 04160ba6d1da7a5bc73a23c133dda67028d52a37bb136b9bf8fe29c9092e998407d067525bc0bba3c0e17dcd80bddf1df9f0bb277c4d2e6280d36838453716c9 |
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
| MD5 | 96532e3fb8f05a5d441369bd7e47a557 |
| SHA1 | 9a13fa21891c08e64e4d59e04c65a0eed3fabb99 |
| SHA256 | fb3ac619c189f59238145b285c871fbc17aa07d85b547a768cb637358d80507c |
| SHA512 | ac36df3ad6de65657a72d42e9830e35434a9c89de3c2db12dcc52838a9e49f5660f0086596a6132e358297baf9fe99d120ebed2b2c67fb52bded91dc13e0144f |
memory/364-9-0x0000000000FF0000-0x0000000000FFA000-memory.dmp
memory/364-11-0x00007FF9D1B60000-0x00007FF9D2621000-memory.dmp
memory/364-12-0x00007FF9D1B60000-0x00007FF9D2621000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20231215-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4492 wrote to memory of 3492 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4492 wrote to memory of 3492 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4492 wrote to memory of 3492 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3492 -ip 3492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240226-en
Max time kernel
156s
Max time network
169s
Command Line
Signatures
Epsilon Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" | C:\Windows\system32\reg.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Node-js.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1640,15988592063297420386,14195150436517721813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,15988592063297420386,14195150436517721813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --mojo-platform-channel-handle=1960 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-g7l8x7.gu7q4.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14tdgzx.l2t7l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gato2w.km8ek.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-19ha239.lf2f.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBC0C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97E0769C437E403BB6AC9E80CDA8CD26.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-a25pq3.6qec.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gato2w.km8ek.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-g7l8x7.gu7q4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1byiezb.vq3pg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wgz2t9.qzwph.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-a25pq3.6qec.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14tdgzx.l2t7l.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-19ha239.lf2f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csyi24.yj0p.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-qua8ok.8lft.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14hpxha.fmzkj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-utlxrx.jjl59.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-163eac3.lh59.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csyi24.yj0p.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14hpxha.fmzkj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-utlxrx.jjl59.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-163eac3.lh59.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-qua8ok.8lft.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1byiezb.vq3pg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wgz2t9.qzwph.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fz2dmw.wc3o.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1264gnf.x4nw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-88sit.5h5ne.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jebv6m.tvi9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1264gnf.x4nw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fz2dmw.wc3o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1yn0ayc.uvyx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aqqo83.kamy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-88sit.5h5ne.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jebv6m.tvi9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1yn0ayc.uvyx.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aqqo83.kamy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyazbx.rqmoj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyazbx.rqmoj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-bdx0qc.zbwks.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-bdx0qc.zbwks.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-8od1ni.m3hes.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-8od1ni.m3hes.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1te3m.7s94.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-k4vkv7.11ye.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1te3m.7s94.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-k4vkv7.11ye.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i2q7kq.9q88.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i2q7kq.9q88.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14ilnht.wfpt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14ilnht.wfpt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14xohvr.tusu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14xohvr.tusu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p5sr7g.rws8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p5sr7g.rws8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-o74mya.nfosg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-o74mya.nfosg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-2m06x1.e8mi4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-2m06x1.e8mi4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ftluj3.p29iv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ftluj3.p29iv.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rnkjvu.mbeb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-w5i5iv.00uz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rnkjvu.mbeb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-w5i5iv.00uz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-po8y3e.lsze.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-po8y3e.lsze.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-113qbfa.qwst.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-113qbfa.qwst.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-bat6g4.188n.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-t4l4ss.y3kc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-bat6g4.188n.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-t4l4ss.y3kc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-173lr5j.669qi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-173lr5j.669qi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-8344bi.35wpp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-8344bi.35wpp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-m9pgod.ejov.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-m9pgod.ejov.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-11kis9h.0fvb.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-11kis9h.0fvb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mtgefe.p3mx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mtgefe.p3mx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-wqv612.8lo1g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-wqv612.8lo1g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vkhfvx.z1tt.jpg" "
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vkhfvx.z1tt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-p90ptq.0fq7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-12m1748.ctocg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-viq4w4.dxg1s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-p90ptq.0fq7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-12m1748.ctocg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-viq4w4.dxg1s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-11v0hd2.j6ns.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-11v0hd2.j6ns.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1enm55r.z0ha.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1enm55r.z0ha.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1a6niuq.68ew.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1a6niuq.68ew.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-arlrot.db9dd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-arlrot.db9dd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-39xt9l.r7s4z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-39xt9l.r7s4z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ym69cp.ce8s.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-prwpck.c0jnh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ym69cp.ce8s.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-prwpck.c0jnh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5ikhus.1g9zm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-kjyl1n.4j96.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5ikhus.1g9zm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-kjyl1n.4j96.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18w5l2p.g265.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18w5l2p.g265.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ld234f.arf0p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ld234f.arf0p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-984sk9.w36ok.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-984sk9.w36ok.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rusa38.pehuc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rusa38.pehuc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nx5o9y.n075.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ord9lf.twyz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nx5o9y.n075.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1ord9lf.twyz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18kp7bw.bit9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-12gnpb6.il0n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18kp7bw.bit9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-12gnpb6.il0n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h7n224.zh4cf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1738w2l.5q3o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h7n224.zh4cf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1738w2l.5q3o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-oexq7b.wy33c.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c7k41.raaq9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-oexq7b.wy33c.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c7k41.raaq9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-l0kz02.5lnu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-l0kz02.5lnu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-126s8em.mgvh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-126s8em.mgvh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-jwglxo.aqh2j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-jwglxo.aqh2j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16liai8.8k2h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16liai8.8k2h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-tf80h5.ffue.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-tf80h5.ffue.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17dn5k0.pty4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17dn5k0.pty4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fupaqi.h03c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fupaqi.h03c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rjpymk.zgg88.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rjpymk.zgg88.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-43zpnz.y6ehq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-43zpnz.y6ehq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-nbdoxg.4k4b.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-11roome.k7as.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-nbdoxg.4k4b.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-11roome.k7as.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-152m2z5.4mq0i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1pr0why.64bkg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-152m2z5.4mq0i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1pr0why.64bkg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-jeahpb.rsw28.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7y7bk.idms.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-jeahpb.rsw28.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7y7bk.idms.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1eeo196.szu6.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1407hf7.9j1m.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1eeo196.szu6.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1407hf7.9j1m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wc02aw.imcc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wc02aw.imcc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a6lt2.96le.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a6lt2.96le.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1prpent.4wnb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1prpent.4wnb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14au2ev.tjrk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14au2ev.tjrk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bx2rpj.5hpo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bx2rpj.5hpo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wxssr0.y43dj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wxssr0.y43dj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bb5e65.k8is.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bb5e65.k8is.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16s8o0i.ju8h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16s8o0i.ju8h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-bvui45.sqc4q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-bvui45.sqc4q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i09exh.rto.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1i09exh.rto.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-x0b563.00mqj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-x0b563.00mqj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18zam99.m5dz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18zam99.m5dz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c6ke7n.lkh6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c6ke7n.lkh6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1065m3g.szws.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1065m3g.szws.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1l43eth.cl0g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1l43eth.cl0g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ik3dp7.tj91e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ik3dp7.tj91e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-6psrvz.07ex9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-6psrvz.07ex9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18vn5rr.teoji.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18vn5rr.teoji.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1j6y9kv.rb9h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1j6y9kv.rb9h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-101pxam.hthk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-101pxam.hthk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1rvmw5f.g3yr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1rvmw5f.g3yr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-2g961r.28ci9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-2g961r.28ci9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-qc1opt.1nv0b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-qc1opt.1nv0b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-101ur3k.n2j4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-101ur3k.n2j4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyaxjk.1g67h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyaxjk.1g67h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwpqgs.y7z9m.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwpqgs.y7z9m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g1hw7k.700v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g1hw7k.700v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-13l1fok.dkwk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-13l1fok.dkwk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-xdk9ln.vaa.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-xdk9ln.vaa.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-164p2gz.fo4v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-164p2gz.fo4v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1991foa.33z3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1991foa.33z3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-97q0j0.wqs3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-97q0j0.wqs3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gid85b.rzfh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gid85b.rzfh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17parr8.wml7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17parr8.wml7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18wzk77.931y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18wzk77.931y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-9vnscg.yqbnn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-9vnscg.yqbnn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c86nvk.bwl2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1c86nvk.bwl2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-9envj4.chdsw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-9envj4.chdsw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ok1x2i.f6s1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ok1x2i.f6s1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rgb9dk.6n25g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rgb9dk.6n25g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mvbnq5.pu7k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mvbnq5.pu7k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-d2ukhg.y6vo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-d2ukhg.y6vo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1edu55q.8kqd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1edu55q.8kqd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-m2qgtn.akaqb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-m2qgtn.akaqb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-k1ogo5.g3jpj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-k1ogo5.g3jpj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-nc763s.e7ruh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-nc763s.e7ruh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-kttl0v.ej5k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-kttl0v.ej5k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iy52gj.1nnd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iy52gj.1nnd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-159en90.ctjg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-159en90.ctjg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5hgbcz.xuz1t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5hgbcz.xuz1t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-umynkj.7cmm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-umynkj.7cmm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1vj1z.x7n9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1s1vj1z.x7n9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-htbwcy.1tgj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-htbwcy.1tgj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-93qmfh.9mw3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-93qmfh.9mw3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-nda1d6.imn5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-nda1d6.imn5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ih22jx.rletp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ih22jx.rletp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g88bs.6ifka.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1g88bs.6ifka.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-h90d10.1mtt7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-h90d10.1mtt7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-6zaf5x.g1bpi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-6zaf5x.g1bpi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wtw05b.52tp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1wtw05b.52tp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1k3ozfb.358h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1k3ozfb.358h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-er1u6n.2lrjh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-er1u6n.2lrjh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vu1jbr.rnkag.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1vu1jbr.rnkag.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-15rscs0.q2dx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-15rscs0.q2dx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-yqeukg.ore0k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-yqeukg.ore0k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsicvb.ki4v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsicvb.ki4v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ph7mt9.6qta.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ph7mt9.6qta.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tr2gww.i2ew.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tr2gww.i2ew.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-vavvkg.yj77.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-vavvkg.yj77.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fjbbyk.5pdo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1fjbbyk.5pdo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-3oekjt.chbue.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-3oekjt.chbue.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17c25w2.n3zij.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17c25w2.n3zij.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1biz8mt.af5bk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1biz8mt.af5bk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-c3eant.i8kfq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-c3eant.i8kfq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-doetzb.1hx98.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-doetzb.1hx98.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1u6dqll.q4i7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1u6dqll.q4i7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-masqhs.5sg5i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-masqhs.5sg5i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-r6oxj3.ak63p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-r6oxj3.ak63p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-n17lc6.b7iu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-n17lc6.b7iu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-mkkc7c.91oyh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-mkkc7c.91oyh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bltpw4.kp8cj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bltpw4.kp8cj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsd3lx.ck747.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-fsd3lx.ck747.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwbpio.zklgp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-rwbpio.zklgp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-4f773c.8ahgb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-4f773c.8ahgb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5o3k73.5z2tl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5o3k73.5z2tl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-10xwjsu.h7y0l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-10xwjsu.h7y0l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ar1mk0.wbiec.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ar1mk0.wbiec.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-fv49bq.dsb3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-fv49bq.dsb3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5nrk7s.wvw7c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5nrk7s.wvw7c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17pkc4i.j204.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17pkc4i.j204.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mg43hz.kete.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mg43hz.kete.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gkz9wq.uqkpi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gkz9wq.uqkpi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-h4e562.mqtx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-h4e562.mqtx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jb1shv.9tf9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jb1shv.9tf9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16jj7bc.ebq8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16jj7bc.ebq8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gyb93b.8jkks.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gyb93b.8jkks.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-816bn6.g32r9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-816bn6.g32r9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kct2hi.xfy5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kct2hi.xfy5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-soxlya.26jq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-soxlya.26jq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-5vav77.nkobq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-5vav77.nkobq.jpg"
C:\Users\Admin\AppData\Local\Temp\Node-js.exe
"C:\Users\Admin\AppData\Local\Temp\Node-js.exe" --type=gpu-process --field-trial-handle=1640,15988592063297420386,14195150436517721813,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Node-js" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jwdzlj.g0kx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn5we3.1mrzj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jwdzlj.g0kx.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn5we3.1mrzj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1it1gnw.a5bt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1it1gnw.a5bt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-okhygp.qzyxk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-okhygp.qzyxk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-lfgnfl.dxtmc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-lfgnfl.dxtmc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-13a06k1.fvb1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-13a06k1.fvb1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-16zhrjp.osoag.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-16zhrjp.osoag.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-gjp8wq.i88k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-gjp8wq.i88k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jr31sk.95mzg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1jr31sk.95mzg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1r5ol5u.ufls.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1r5ol5u.ufls.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mijgtw.c4nx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1mijgtw.c4nx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-181envk.yw22f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-181envk.yw22f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1t4hbny.twes.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1t4hbny.twes.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gxeoba.md5w.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gxeoba.md5w.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-18j2fhl.33qi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-18j2fhl.33qi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-udkw6g.jpm7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-udkw6g.jpm7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kkb7da.pr4t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kkb7da.pr4t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nl5d5t.svj2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1nl5d5t.svj2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1974ghs.xzfi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1974ghs.xzfi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-k2rxix.zuru.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-k2rxix.zuru.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h26krw.1eql.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1h26krw.1eql.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-14g9uv.ulzmt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-14g9uv.ulzmt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hoe9dh.ime2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hoe9dh.ime2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gzy12t.yp87.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gzy12t.yp87.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-4x2qcg.lvd9b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-4x2qcg.lvd9b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-13ya8r.k3jqfi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-13ya8r.k3jqfi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1931u1t.fxeb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1931u1t.fxeb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-4571pb.unrj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-4571pb.unrj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bcnuh9.ge46l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1bcnuh9.ge46l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aipkw8.v0nfg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1aipkw8.v0nfg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-17a9yjn.0d15g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-17a9yjn.0d15g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-b53q5k.3zdad.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-b53q5k.3zdad.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a1yde.rqh1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-15a1yde.rqh1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-3vkrj7.7o71c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-3vkrj7.7o71c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csoy26.rq3gk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1csoy26.rq3gk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1st7yc8.e8d6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1st7yc8.e8d6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn1amn.76p4k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hn1amn.76p4k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gmg7bj.2gqi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1gmg7bj.2gqi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1qjj2j4.v1zg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1qjj2j4.v1zg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-ammp6e.46c7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-ammp6e.46c7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-lvltsk.zsoi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-lvltsk.zsoi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-mit6k4.gmmr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-mit6k4.gmmr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-3ioxlz.psu44.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-3ioxlz.psu44.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1efjbv5.i8lc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1efjbv5.i8lc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iihipn.5wdc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1iihipn.5wdc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kul7t.2zgrhh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kul7t.2zgrhh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tzq3bt.8xqd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1tzq3bt.8xqd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hox4r8.sfdf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1hox4r8.sfdf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-2oq7v0.yghfn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-2oq7v0.yghfn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-19m1u55.lzu7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-19m1u55.lzu7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kzoq0y.c1te.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1kzoq0y.c1te.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7kcx8.8ssi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\202438-2012-1p7kcx8.8ssi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\202438-2012-1x019sj.nic2.jpg" "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 119.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.40.21.104.in-addr.arpa | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\ee2d78e7-8cbb-45ab-8ca2-c0f42c0f3c40.tmp.node
| MD5 | 8982448cb4f28b82876befe6e8af25d1 |
| SHA1 | 4d3b2fb5b42fc27c1ac9363003abc16ada188581 |
| SHA256 | 78734316565f73b735bc3acb4c8bc6b41fe886ca20ee81e620dbea1e23e1fb38 |
| SHA512 | 3edef33d5cd40f3432aeae603e725f0aacd6e7e387cc6723eac8d3030c3c78e43539a5e6e63c75a4acfd24e9c9fc8913d204ba6523be01ca31cca9a181a49a4b |
memory/2964-6-0x00007FFE76180000-0x00007FFE76181000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\03c91d8d-e645-4035-ac3f-04174885245b.tmp.node
| MD5 | 30af610789f7032760077d9c1197d0f3 |
| SHA1 | b57027046f9c7b3d4cda0aef5c8baa334b6fc339 |
| SHA256 | 64d0ead558c2ad1676574a0603111bf683286ea151daa2733c64739764de4722 |
| SHA512 | 457dfb6de5b0ea065a8736447c3d63eb70161dffb1a4b5e2e0f9cdc579c5422cf305ffa48f90a847c5d98cf7888cb7022494c4e280ba7fe49c1e3035a81ca0a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97E0769C437E403BB6AC9E80CDA8CD26.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RESBC0C.tmp
| MD5 | 0543eee5312c838aa500c77ab7a88529 |
| SHA1 | 588e5b8923a48010a8b823b626b82a2701d3b3c3 |
| SHA256 | 8ff5a43e4a7547986d31471e11690fa79ff2c965c14bf4476503efcd19647d81 |
| SHA512 | a506850c3ba5a49b6d887a24fb32c45695a54198bd657cd6d3674d4ce8304f31173f63b4140ebf1502df9d69ea0b7f85833a6c665060a201afba01fc17e5439e |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | 33448cb484144d9077b9e9bc3ebe0014 |
| SHA1 | 0321c7db7114bab8ed36dbcf150955745281150d |
| SHA256 | a62224a21aa8c4b70b6d0862239f88102c98e78889e8e0c40a2f82d40ccae1da |
| SHA512 | 158e8a3998802bafa30318c4ebda99a3be236bcc609fe30000bd4ac68bf29acdb7a933cfd7491f93cde5ab79f7e81ee2c73231f68ec3fc7cecf63b070532593e |
memory/4992-88-0x0000000000C80000-0x0000000000C8A000-memory.dmp
memory/1792-89-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4992-90-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log
| MD5 | f3ac7a0e31b9af1b495241eff29915ad |
| SHA1 | 286fe23eba741cd3fca3f3e9a919021946655392 |
| SHA256 | f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a |
| SHA512 | b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210 |
memory/1792-98-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2080-99-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4992-103-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4060-104-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2080-107-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1192-102-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1192-115-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\202438-2012-14tdgzx.l2t7l.jpg
| MD5 | de3b4935325b649bacc1aa2995e25170 |
| SHA1 | 76e476ce1ca6e76cb1886996ca2ed241644308c7 |
| SHA256 | 1032512cd6c1684a653e4321ba85f632cc39bcffa1ec14ed051e4d09751dbe8e |
| SHA512 | 5deb88be1c4dad6b9f27fd7ce5fadeb13d04378c02d51c3a615a41fed730d3aaf3835b311bac474d3332c9cb5652fc5344a3b497c917471e3707b3becfea7b51 |
memory/4060-112-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2964-124-0x0000025C96CC0000-0x0000025C97015000-memory.dmp
memory/2740-134-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1520-135-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1932-136-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1932-163-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/5052-166-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/5052-178-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3576-175-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3576-162-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1520-160-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4596-154-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3440-153-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2740-152-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1840-148-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1144-149-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2396-201-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2512-206-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4900-214-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2736-215-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2660-213-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1632-207-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\202438-2012-1wyazbx.rqmoj.jpg
| MD5 | 05d18d3fcd567b5ea2a8c999d12da170 |
| SHA1 | 9b99ddc8417d427cbbaa548a6a050e9964056b1e |
| SHA256 | a1fb36000f9ad0e1ebd930b57df641a21730a844aea60fd6c3d3a40b33daeceb |
| SHA512 | a912c8bd9e705733de2ce462ec05ff4396e89eb5dd3352a409f87c9df511df3e16940f42ce3406ee655e692bf5ff280a40c02274146f97576dececc984f051ce |
memory/2972-235-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4264-237-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3884-242-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3884-245-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2744-251-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2744-254-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2972-217-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3772-210-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/808-266-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3276-273-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1860-276-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2920-275-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1840-280-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4456-281-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3780-277-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2548-286-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3380-293-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3380-297-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1520-296-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2548-292-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/4456-291-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1520-307-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2676-321-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3840-328-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1228-329-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/452-325-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1228-331-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2948-330-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2728-324-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1904-323-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/5036-322-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/3840-320-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/1864-306-0x00007FFE569B0000-0x00007FFE57471000-memory.dmp
memory/2964-536-0x0000025C96CC0000-0x0000025C97015000-memory.dmp
memory/2736-720-0x00007FFE76180000-0x00007FFE764D5000-memory.dmp
memory/4836-1014-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1013-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1010-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1021-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1022-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1024-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1029-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1031-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1033-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/4836-1026-0x0000020DDFB90000-0x0000020DDFB91000-memory.dmp
memory/2964-1117-0x0000025C96CC0000-0x0000025C97015000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win7-20240221-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f11261ad89da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000ad35ca625be7f2b2a6acbd8faf1ac8c418682d7b75e791fa1a5aa32f32d9d3f7000000000e8000000002000020000000f007a2eaa5a3f3c0067edee33a21af76b00e3ad9f3e5b92455b6c9a1485b3be120000000dc49a33cd1c140bfcb55dcdb7194dd67dc3131a16dd1af1823cd6318ae8a95a540000000954e6a4ee782e026a43f3d54d23031ae41dab6daf9d8a273ace26bcfef94c9bbd18ebe6090811eb437d35bb0ce5e57eb8603f52f5398436a6cf3360570083cd1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B990591-F5A0-11EE-AFF6-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418739907" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f9bb547b358787d6970b60ea8b92c617e7f0714904e2b955305baf8b5a0e3e94000000000e80000000020000200000007d8a8447403804490fb7ef70510bb55288026a0fd290516b8eb7f9d334038e2f9000000063255b03c17b3fe15749723f1795ea54068bd184c25a95da22fa5049ed37cc0b127e72e400ec9ed6e4ac1c3c59bf4d54db4dfc87fe0a1d3936f390329db45af0efa5b683fce27517d01c6115a850dc5c264efc7eabe63697e3a999a0af2f830b66dc2fa05dacc0090ba580c9997852379b1352cf93495b35e12c1bd87621892b54ff9de6111f7d3ef6965913eb4ecbb94000000047cded87f65609cf9dbe43b267eba4f74bc764280859c907cfc726be9bd7117e99e02b7f18c81fe4b6213d93b033d197d14e70e60a8b69603d280358d186e277 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2276 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE716.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\CabE832.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8263204afd609f5d9cf1d21957ffdbe5 |
| SHA1 | 00d349ae9f7f1c12577d0229abefbb7ebec4cb03 |
| SHA256 | 66cdafeb4f455101e2f500937367b2d59540ddf20ee7a50f1520a5b6203c85c9 |
| SHA512 | 98e833926fb151e42353c7fa75f3a09c9561d154508b6fa2f865e579774fcc9f26563a2e89c6ad955f35f2bdd9397e2e8d6dfc1abedc91799a72bcc9e62d4c69 |
C:\Users\Admin\AppData\Local\Temp\TarE866.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f23982277fd1e87579cfe2d9e8a3aeab |
| SHA1 | 247c2139c0f0a11f07ba8ea9aed31123a7ff3391 |
| SHA256 | bf4abc55c3e1e112c5366c23fbb43e9ff250c1515e3a3c0ad8a0942c9a861bd1 |
| SHA512 | 40dec6d203c06f9f517ea74cd50031f80b7f2555660656b40ccef3411cfd53b13f3fe3748cb85a6c9d0077e2533beef205e4f4c0c1c2d0b2d9588f456414d608 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52c798bb098f190c7e64abf2503832bd |
| SHA1 | b8f0e60e007335d7425b221d479c935814845b7d |
| SHA256 | a47530b075f194ee35b32dc841f15c75a36f80a23ae8d664d09e14d4648914df |
| SHA512 | d30accda637442af72fb88f2325245f2557ead6bf69b3072dc06dc083d1e9920e4369df30898ee38f6767117d9696b20434daff11bbaabc303f7c690443005bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bc661805de9018e347eba06c022c480 |
| SHA1 | f61c348739024a20b3dc88c40b5d1af94cfc6aaa |
| SHA256 | 2503adbface2b7e3cb25cbd3ae11a672786109e01ea933b386cb221f7f120a7b |
| SHA512 | 69e24e58d63f9cd93e6b17e85f998ed05f86977a1cfa73e6641b0ed3fe5f6a26aa68220e83e7bdd755c0d997cf48068f0bd5a339085725ff82fa7e78034a773c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 298d3dea29dc461dade60ac941bb090f |
| SHA1 | ace632e45ca979a388eb0d9ba3cdf62e2114d37d |
| SHA256 | be2bbb6f37c27c6a8256eccb9795ea092edbc22af4e9784155e32ca2e5e7579d |
| SHA512 | 12613c46e40537876c0eaf5ef2257a36da8752221d60d9b0534525c329343c2a52d253bbb07192b2c825157f8349cdcfef7f95401f2e7e6323d9058d481406d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bb6885447e80eba80cde8e0a9a70adf |
| SHA1 | dd055f5ffb88b8195d51d8077169a62d3cbbb41a |
| SHA256 | 759c545d3efa11e946dcf8d7eb55a6f2dcc31521d142e87076599b9cfed31b85 |
| SHA512 | 57a0821c4d8b73020d41f46113b1263292f610e20c6b0907737ec621b76d32b9c303177a0e2517ce60fef6b02a9471a45fbd29803a4f43e03e8499a9c64ad261 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d3bdc7e62cb2cd3e97aca900914e36c |
| SHA1 | f5c678fd8b1f39fcc38ba068c057cece5a42bca4 |
| SHA256 | 5f450941728efc270f4a6555d091dd9ff5c6f5566c30669285f55c84db940e55 |
| SHA512 | 2cd9f6c93cf46b64dcfc8f31c959d07c5b1743a0c50767fe4deea89ef5cd5b26bb9298cf06cf50b41ce45d74d20da8c90a163d96bd54a92c39d19f0b7b840b4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d276779c532db502bd1e4cf659cee0 |
| SHA1 | 4c5b38c35384b7fe31238fc609caf38ef5341ced |
| SHA256 | 2348f04e623f1f376e493205de3f3ebebba3a7e51456de973ff9fc14b904ff85 |
| SHA512 | 3c96c9cd9906d35b708c3f165b5b717d2ebe5a5c437f896b1d74e017475d9cc86b33932eedf1dbb1cd05bbd4241ae9f73fa287549ddd0a803997d3c1df58fd72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9df248d3ead5731f321a2eaaf5682bd |
| SHA1 | 51bf85d10081f693d35f336bf99af756996e2eac |
| SHA256 | c64b993c2e647c1307bf557836735c4cc6090e923a1f4a5e7a76268e1b2db43a |
| SHA512 | 1fee78c48e78afde194cfdcebb4f66ffd1dbd925c614f181a9ae647c76d4d6422050a7b15148011990a69ad09c53eb5f2a3ed81b3d4d0ef11751d515ba6ad837 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 722f6ef0c656feee78869253659a1b05 |
| SHA1 | 4ea43271d7f826d4934183f05c85ae4aa1d6fe15 |
| SHA256 | 96f6ff19969218375739a833ff66013aa43f68ea29c45d4176bb09ed4dc777ae |
| SHA512 | 36123ba76360370a9a9ae8fa9e9152e4681ad854c6b0f0a236e29011458d35aed6c990567849933189244a873ccfd31d7de7d50d8c08a21b69e9684c8ec5698c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 667113888746866f88cd58380a2932fc |
| SHA1 | 5eff54498db4ba11eac6eab1a3b6e3a856f6726c |
| SHA256 | 65379566ecfa35ee5f2e0e12f8999290e59764ad95401a81b9473872e4abdeb6 |
| SHA512 | a3fc2d3a5ad04a84b1645d49124a6855aa25aa27fd0b32df17e332351d07e3476e3c8cc3cc2ca39888d22ebf37658099e917572c13d60ad9cde0164476ced299 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 536ddf53c3d4a2ad1d3ae7b9910aa308 |
| SHA1 | cf8e781f65f86f6a2fda2d5c841f215d2a51f576 |
| SHA256 | c71c4d56a389998477b09683940e8452f2dbc7748cbfe716de797c7ee5ec465c |
| SHA512 | dc01f6fb6be74088edd3d02fb836a8bcf55cb105c13aa1bd80be8c75f9c2850db665c2caaf51d10485aee40ba82c10ad54c49e2da0a3372f88f92e9d17bbe958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c90a77a95a61cd1ea0b37f0db47fa81d |
| SHA1 | cdf1c30eec6503c4898e67e2c5a02c7437a04cee |
| SHA256 | 68c0844d20553e89e6f308d56c352c11f3de53f5383ba46f414ede7d0147044e |
| SHA512 | d9ea24ab0d046a63557d1e34443ff01677b0728920c3cf267e86af3ecd6927e8b3b9d541aa06613fb87ae49f04a23ec0036730dc3af4e96275a97ec6157708df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a799e0c9a2fd3299771bfbfe5065fbca |
| SHA1 | ae2fa948b0bb787e7cb0e9035dfe1b19b28d0415 |
| SHA256 | b33ed6a5736bbb2f1543583b9ada0425d798acc95aa12bbf86bf645a6a3db548 |
| SHA512 | dc9c7c4a8dffe46eccac0edccba9f97010a59db5bb1a117a693fea937d47c18c30bad7610344377be517e13330f8be53a59fe9ada6874d9ce3aa1ef1c3f04b1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b1d0430168a4a7fe3492664f1b5891a |
| SHA1 | eb9af0fdb89559da8d9d3a7147829798024fc39f |
| SHA256 | fab28e077a5fec4f340a31d468c241d162e4aecb190797fc965d0d7496b02e6c |
| SHA512 | 9ac044059f6148f3fd0cd18fdc2d1ba38649351127476662a0f0e5f753adb42b409bca88dc95cbd87839a415870cddc792821b5426f967e4fc3c0d0f945158f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29130adff8f2f0727441ec9bd677a0a0 |
| SHA1 | 5fe8b14ba6c4268118e5a4cd8245777683b54822 |
| SHA256 | 61b9bfcc2b18b93c99518a6c2ded7ebc3ab178e3f506663564a3f496246e2141 |
| SHA512 | 489bf185262010fe61d6bb74c1f16cd3ecd86a5fa073ecdeafb8209d4d73fd28541701d366f68c1e6f7189b5f2f02ea3dcd9bc64967e2713ef587c3c0f6ede0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2392a7647fb685b803c3907dcaef291 |
| SHA1 | e30b3451df3e9c23655947ef7d4d0589c72f5d2a |
| SHA256 | d9889f57c4acf1247ec6d4998cf255d7d4c488b985413a626780864a8ebed31b |
| SHA512 | d97c56eea99cef8e949f6a4336a34c1505ee50929acf9d1b5be9a550693c5d9a010a191719e0033115d2d9f2170ab36189a65afe09748802cd532b53a4669c8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23ad7801f16a2094fcee8cf741e10cf0 |
| SHA1 | 9052ec7a2f154732ed914db22da6fbcb3632300a |
| SHA256 | f3f9362bc92a7c45fa366e9ed14fc72396c255dab453d263c8ec2eb9123772d0 |
| SHA512 | a33dcc20899a4b30cbd5e19cc92935395c522e347e2e1795d277fa7c4f7c8096a3f02b14f9e60c4be427d312b0590fd48fab462a15adc2d59d794d7bdf50116b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e1ef417fced7f6dc280a7605ae0c3b5 |
| SHA1 | c5a1e958ffcc4d05a665b0bb9bb7a3c0205e7f70 |
| SHA256 | 47e44254f70b296e725277772d6d8c5ea408ce84e6e5c60926acffebd898c926 |
| SHA512 | ff0d333353c89e04449b2b6aea3f9b6317d3353fbf893f677268e30603628927dec00f07a1051e44871525ce67a9caa36e0a8c04255d3ab3fb7ae7758442af0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58dc807019108532e09f4d98d31b5911 |
| SHA1 | d5d04af9c563d98ce9f949506bf12c12c8eff900 |
| SHA256 | 2debdc5856801cc0d2ae06f09c3778bfa309efd682db8e187177e6b646960dae |
| SHA512 | 58395d834e8ac0ea9724f68cbdfda9310473fdba56ef6525df4416b4ff7016b0f9921e5aa80974a64f2ea90afd842089c4ce44ab0fa3c403f5fcc23732426e80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 717580fd296f55e2d59267e97b0178c7 |
| SHA1 | 8a8d64db3e5df16ad004cf893bf2b78db55077d6 |
| SHA256 | c81292cfe3f9f724eec54c22e5af00df3ecbf50f9a714e0f972c714a739d334f |
| SHA512 | a8e3867b81b581549dc12521f26234932a502bfabcb5addc0ba770116689543a673edcc345b9b58a443e84fdbf76901a7edf0b30ba4a714ed33043970b14d0c5 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
155s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa47b46f8,0x7fffa47b4708,0x7fffa47b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14147524843496069781,16169463956744850166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1eb86108cb8f5a956fdf48efbd5d06fe |
| SHA1 | 7b2b299f753798e4891df2d9cbf30f94b39ef924 |
| SHA256 | 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40 |
| SHA512 | e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d |
\??\pipe\LOCAL\crashpad_1912_VXFFVHYUNKSILNOB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f35bb0615bb9816f562b83304e456294 |
| SHA1 | 1049e2bd3e1bbb4cea572467d7c4a96648659cb4 |
| SHA256 | 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71 |
| SHA512 | db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0432eaece6e400331810770ea0f8fb68 |
| SHA1 | e54a72a772a24c41ac9fda05e06c3754ca80afea |
| SHA256 | fa8cfd1917ea8a5b310cd8d24ae6d4a38f829a1604f8343141fe609931d28ef1 |
| SHA512 | 979f3930fd00e1e752866516c405360634a70675823403f0fe12eb40d1c3277ac17935bf3b7345c4b8b57d011ba8428c7cc73b888612f5a405e74fda349314d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 192126fc59786728b9f22afbe1f04b7b |
| SHA1 | ec2174d16ac2c78b5fd6eb7fd414db7a5c8d821f |
| SHA256 | f51237785bc87db80ab3beb02ec24e402f70facc355f5ca8e7ab762e5d291e84 |
| SHA512 | 4c9cea4d0bf4c7db4cb446b7586fa40df463f93b5e80ee7b106adf49c820e8aac5e0506c140de0aa455c723ebdfe5ba7e6417ec7a241229dfe281438a7090b29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e03fe1ba1a7c26f1c1e4468a8d95568d |
| SHA1 | 40da821bed68769eb67ccb80bfe2abf6b07a1aae |
| SHA256 | e0bf5747bfc6792573f897a4f0022030add35f25802b49a0aa43b938dfe8ee5c |
| SHA512 | 1cba5df662e8ba03831b5a08f6703984aa880e3eef86aae2472a51c6229776566575791e227e9185d8f22ef4d87a9ff5b9cda0a2a38a30f38eec5aa912c711ef |
Analysis: behavioral22
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win7-20240221-en
Max time kernel
123s
Max time network
138s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20231129-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240221-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
161s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240221-en
Max time kernel
120s
Max time network
125s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 2008 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2380 wrote to memory of 2008 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2380 wrote to memory of 2008 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2380 -s 88
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win7-20240221-en
Max time kernel
122s
Max time network
133s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2492 wrote to memory of 1940 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2492 wrote to memory of 1940 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2492 wrote to memory of 1940 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2492 -s 92
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win7-20240221-en
Max time kernel
118s
Max time network
129s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240221-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:09
Platform
win10v2004-20240319-en
Max time kernel
139s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=744 --field-trial-handle=2256,i,16750283575152780128,2524258836761969159,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| GB | 13.105.221.16:443 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 195.98.74.40.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240220-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1944 wrote to memory of 4476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1944 wrote to memory of 4476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1944 wrote to memory of 4476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4476 -ip 4476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win7-20240220-en
Max time kernel
120s
Max time network
125s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D12.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCA52054C96B4A4A44A14A92861825FAF3.TMP"
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe
Network
Files
\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCA52054C96B4A4A44A14A92861825FAF3.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES1D12.tmp
| MD5 | feb3210e3365380763e2addf877c8c55 |
| SHA1 | 4324ec12171829bba6458f2b12ccd4cf66d23ec7 |
| SHA256 | 6c146971cf4e631415c1b3bd067f967ebe6194f9a623212ad814128bee5a9ab4 |
| SHA512 | e28bd4ca6edf8e7afbcf6c9749bef07d284019df7c6e61f9c4ff4048e626ff3073dbb9770ec9e908494ad8bb076b1f08a788c2edc04fba1355db7bc4beee937d |
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
| MD5 | 1a182ccbfff3be024d3f71f8c0bc2484 |
| SHA1 | b0a9e509fa0d7bbcaf07415841a6b4cdd68f982c |
| SHA256 | c798a0a136c304741c6b0dd207dd44f92decd31743f3da7c68ddf2ad8e323b6b |
| SHA512 | 73ade6e9160dbf5562c1d156831c5440d402e945ef554d4c22fec8ba33e0cd8fac7b11c7f68d161da752c1255587e8b4cbcc6cf22b0f86af1b6946361371ba1c |
memory/3012-8-0x0000000000380000-0x000000000038A000-memory.dmp
memory/3012-9-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp
memory/3012-10-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-04-08 12:04
Reported
2024-04-08 12:08
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| IE | 52.111.236.23:443 | tcp | |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |