Overview
overview
10Static
static
3Ghostbane.exe
windows7-x64
9Ghostbane.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Ghostbane.exe
windows7-x64
10Ghostbane.exe
windows10-2004-x64
10LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/...dex.js
windows7-x64
1resources/...dex.js
windows10-2004-x64
1resources/....2.bat
windows7-x64
7resources/....2.bat
windows10-2004-x64
7resources/elevate.exe
windows7-x64
1resources/elevate.exe
windows10-2004-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...GL.dll
windows10-2004-x64
1swiftshade...v2.dll
windows7-x64
1swiftshade...v2.dll
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...7z.dll
windows7-x64
3Analysis
-
max time kernel
57s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10-04-2024 18:38
Static task
static1
Behavioral task
behavioral1
Sample
Ghostbane.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Ghostbane.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Ghostbane.exe
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
Ghostbane.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
ffmpeg.dll
Resource
win7-20240215-en
Behavioral task
behavioral13
Sample
ffmpeg.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
libGLESv2.dll
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win7-20231129-en
Behavioral task
behavioral23
Sample
resources/elevate.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
swiftshader/libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
swiftshader/libEGL.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral26
Sample
swiftshader/libGLESv2.dll
Resource
win7-20240215-en
Behavioral task
behavioral27
Sample
swiftshader/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
vk_swiftshader.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
vk_swiftshader.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral30
Sample
vulkan-1.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
vulkan-1.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240221-en
General
-
Target
Ghostbane.exe
-
Size
133.4MB
-
MD5
21dcf914458e92f92928d52bd89470bf
-
SHA1
cfe743e325859af219cc91b3e375b9afed58a6a9
-
SHA256
c68227296b243230fa9cb2fc7a1d3eed54de34db04bf0a8fb6b7c04c77bf44c5
-
SHA512
c8ccfd2cbc84b227c89e95988c51ddec76d99dd7cb06460c01c999bbe65018cd51422d9a03efa327d7e31723e0745658e47da54950959ef4e4d8d8cc9e22272c
-
SSDEEP
1572864:42HVo9Ck+yOBBdJAVwlymAETslfp409t:G9Ctx3tu
Malware Config
Signatures
-
Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest Ghostbane.exe -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ Ghostbane.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Ghostbane.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ Ghostbane.exe -
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions Ghostbane.exe -
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools Ghostbane.exe -
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
Ghostbane.exedescription ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Ghostbane.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Ghostbane.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate Ghostbane.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
Ghostbane.exeGhostbane.exedescription ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation Ghostbane.exe Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation Ghostbane.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Wine Ghostbane.exe -
Loads dropped DLL 3 IoCs
Processes:
Ghostbane.exepid Process 1208 Ghostbane.exe 1208 Ghostbane.exe 1208 Ghostbane.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 15 ipinfo.io 16 ipinfo.io -
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.
Processes:
Ghostbane.exedescription ioc Process File opened (read-only) \??\VBoxMiniRdrDN Ghostbane.exe -
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
Processes:
tasklist.exetasklist.exepid Process 1976 tasklist.exe 1392 tasklist.exe -
Kills process with taskkill 1 IoCs
Processes:
taskkill.exepid Process 1840 taskkill.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
Ghostbane.exeGhostbane.exeGhostbane.exepid Process 1208 Ghostbane.exe 1208 Ghostbane.exe 1264 Ghostbane.exe 1264 Ghostbane.exe 1152 Ghostbane.exe 1152 Ghostbane.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
WMIC.exetaskkill.exetasklist.exeWMIC.exedescription pid Process Token: SeIncreaseQuotaPrivilege 1532 WMIC.exe Token: SeSecurityPrivilege 1532 WMIC.exe Token: SeTakeOwnershipPrivilege 1532 WMIC.exe Token: SeLoadDriverPrivilege 1532 WMIC.exe Token: SeSystemProfilePrivilege 1532 WMIC.exe Token: SeSystemtimePrivilege 1532 WMIC.exe Token: SeProfSingleProcessPrivilege 1532 WMIC.exe Token: SeIncBasePriorityPrivilege 1532 WMIC.exe Token: SeCreatePagefilePrivilege 1532 WMIC.exe Token: SeBackupPrivilege 1532 WMIC.exe Token: SeRestorePrivilege 1532 WMIC.exe Token: SeShutdownPrivilege 1532 WMIC.exe Token: SeDebugPrivilege 1532 WMIC.exe Token: SeSystemEnvironmentPrivilege 1532 WMIC.exe Token: SeRemoteShutdownPrivilege 1532 WMIC.exe Token: SeUndockPrivilege 1532 WMIC.exe Token: SeManageVolumePrivilege 1532 WMIC.exe Token: 33 1532 WMIC.exe Token: 34 1532 WMIC.exe Token: 35 1532 WMIC.exe Token: 36 1532 WMIC.exe Token: SeIncreaseQuotaPrivilege 1532 WMIC.exe Token: SeSecurityPrivilege 1532 WMIC.exe Token: SeTakeOwnershipPrivilege 1532 WMIC.exe Token: SeLoadDriverPrivilege 1532 WMIC.exe Token: SeSystemProfilePrivilege 1532 WMIC.exe Token: SeSystemtimePrivilege 1532 WMIC.exe Token: SeProfSingleProcessPrivilege 1532 WMIC.exe Token: SeIncBasePriorityPrivilege 1532 WMIC.exe Token: SeCreatePagefilePrivilege 1532 WMIC.exe Token: SeBackupPrivilege 1532 WMIC.exe Token: SeRestorePrivilege 1532 WMIC.exe Token: SeShutdownPrivilege 1532 WMIC.exe Token: SeDebugPrivilege 1532 WMIC.exe Token: SeSystemEnvironmentPrivilege 1532 WMIC.exe Token: SeRemoteShutdownPrivilege 1532 WMIC.exe Token: SeUndockPrivilege 1532 WMIC.exe Token: SeManageVolumePrivilege 1532 WMIC.exe Token: 33 1532 WMIC.exe Token: 34 1532 WMIC.exe Token: 35 1532 WMIC.exe Token: 36 1532 WMIC.exe Token: SeDebugPrivilege 1840 taskkill.exe Token: SeDebugPrivilege 1976 tasklist.exe Token: SeIncreaseQuotaPrivilege 1236 WMIC.exe Token: SeSecurityPrivilege 1236 WMIC.exe Token: SeTakeOwnershipPrivilege 1236 WMIC.exe Token: SeLoadDriverPrivilege 1236 WMIC.exe Token: SeSystemProfilePrivilege 1236 WMIC.exe Token: SeSystemtimePrivilege 1236 WMIC.exe Token: SeProfSingleProcessPrivilege 1236 WMIC.exe Token: SeIncBasePriorityPrivilege 1236 WMIC.exe Token: SeCreatePagefilePrivilege 1236 WMIC.exe Token: SeBackupPrivilege 1236 WMIC.exe Token: SeRestorePrivilege 1236 WMIC.exe Token: SeShutdownPrivilege 1236 WMIC.exe Token: SeDebugPrivilege 1236 WMIC.exe Token: SeSystemEnvironmentPrivilege 1236 WMIC.exe Token: SeRemoteShutdownPrivilege 1236 WMIC.exe Token: SeUndockPrivilege 1236 WMIC.exe Token: SeManageVolumePrivilege 1236 WMIC.exe Token: 33 1236 WMIC.exe Token: 34 1236 WMIC.exe Token: 35 1236 WMIC.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
Ghostbane.exepid Process 1208 Ghostbane.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Ghostbane.execmd.execmd.execmd.execmd.execmd.exedescription pid Process procid_target PID 1208 wrote to memory of 2540 1208 Ghostbane.exe 88 PID 1208 wrote to memory of 2540 1208 Ghostbane.exe 88 PID 2540 wrote to memory of 1532 2540 cmd.exe 90 PID 2540 wrote to memory of 1532 2540 cmd.exe 90 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 4484 1208 Ghostbane.exe 91 PID 1208 wrote to memory of 1264 1208 Ghostbane.exe 92 PID 1208 wrote to memory of 1264 1208 Ghostbane.exe 92 PID 1208 wrote to memory of 1152 1208 Ghostbane.exe 93 PID 1208 wrote to memory of 1152 1208 Ghostbane.exe 93 PID 1208 wrote to memory of 3868 1208 Ghostbane.exe 95 PID 1208 wrote to memory of 3868 1208 Ghostbane.exe 95 PID 3868 wrote to memory of 1840 3868 cmd.exe 97 PID 3868 wrote to memory of 1840 3868 cmd.exe 97 PID 1208 wrote to memory of 4248 1208 Ghostbane.exe 98 PID 1208 wrote to memory of 4248 1208 Ghostbane.exe 98 PID 1208 wrote to memory of 2752 1208 Ghostbane.exe 99 PID 1208 wrote to memory of 2752 1208 Ghostbane.exe 99 PID 1208 wrote to memory of 4440 1208 Ghostbane.exe 100 PID 1208 wrote to memory of 4440 1208 Ghostbane.exe 100 PID 4248 wrote to memory of 3848 4248 cmd.exe 104 PID 4248 wrote to memory of 3848 4248 cmd.exe 104 PID 4440 wrote to memory of 1976 4440 cmd.exe 105 PID 4440 wrote to memory of 1976 4440 cmd.exe 105 PID 2752 wrote to memory of 3956 2752 cmd.exe 106 PID 2752 wrote to memory of 3956 2752 cmd.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"1⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Loads dropped DLL
- Checks for VirtualBox DLLs, possible anti-VM trick
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1208 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"2⤵
- Suspicious use of WriteProcessMemory
PID:2540 -
C:\Windows\System32\Wbem\WMIC.exewmic CsProduct Get UUID3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1532
-
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1644,1720411707240764412,11718900805635595287,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 /prefetch:22⤵PID:4484
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,1720411707240764412,11718900805635595287,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=1864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1264
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1644,1720411707240764412,11718900805635595287,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2356 /prefetch:12⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1152
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"2⤵
- Suspicious use of WriteProcessMemory
PID:3868 -
C:\Windows\system32\taskkill.exetaskkill /IM chrome.exe /F3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""2⤵
- Suspicious use of WriteProcessMemory
PID:4248 -
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"3⤵PID:3848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"2⤵
- Suspicious use of WriteProcessMemory
PID:2752 -
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath3⤵PID:3956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵
- Suspicious use of WriteProcessMemory
PID:4440 -
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"2⤵PID:4316
-
C:\Windows\System32\Wbem\WMIC.exewmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"2⤵PID:4792
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController get name3⤵
- Detects videocard installed
PID:2788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"2⤵PID:4804
-
C:\Windows\system32\cmd.execmd /c chcp 650013⤵PID:1624
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:1520
-
-
-
C:\Windows\system32\netsh.exenetsh wlan show profiles3⤵PID:4072
-
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1644,1720411707240764412,11718900805635595287,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=2580 /prefetch:82⤵PID:2212
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"2⤵PID:2124
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f3⤵PID:2924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵PID:3468
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
PID:1392
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1l9fwl3.cenv.jpg" "2⤵PID:2008
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:3996
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES62C1.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC780015F7E494BB994C28D65C7C3209A.TMP"4⤵PID:1184
-
-
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1l9fwl3.cenv.jpg"3⤵PID:3212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-if6f0i.kixp.jpg" "2⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-if6f0i.kixp.jpg"3⤵PID:2300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-85twkj.v07a.jpg" "2⤵PID:4008
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-85twkj.v07a.jpg"3⤵PID:3892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iigapo.fae4j.jpg" "2⤵PID:4148
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iigapo.fae4j.jpg"3⤵PID:5480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-u9nckm.j7uba.jpg" "2⤵PID:1976
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1vspewo.xbnq.jpg" "2⤵PID:1664
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17kir61.kkr8.jpg" "2⤵PID:820
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-79zh7r.slw7u.jpg" "2⤵PID:4984
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1n8rq1y.g9ce.jpg" "2⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1n8rq1y.g9ce.jpg"3⤵PID:6120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ataqih.cpwc.jpg" "2⤵PID:3924
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1enifma.bnop.jpg" "2⤵PID:1456
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-o4jbku.8v38.jpg" "2⤵PID:4220
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4ms9u3.5wq0k.jpg" "2⤵PID:864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1uba5i0.ydum.jpg" "2⤵PID:3368
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-18shcqq.mlsh.jpg" "2⤵PID:3540
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1hegdnk.sz62.jpg" "2⤵PID:2528
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-v3mqsj.43c4.jpg" "2⤵PID:5180
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6wz9le.3vv0g.jpg" "2⤵PID:5228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5o8dk0.dbahe.jpg" "2⤵PID:5304
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5o8dk0.dbahe.jpg"3⤵PID:6980
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1k3bwaj.u84t.jpg" "2⤵PID:5384
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1k3bwaj.u84t.jpg"3⤵PID:6000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-xn51e7.7myd.jpg" "2⤵PID:5416
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-16zeffi.rdjcl.jpg" "2⤵PID:5540
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-16zeffi.rdjcl.jpg"3⤵PID:7360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1dbflcz.wcvh.jpg" "2⤵PID:5572
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1dbflcz.wcvh.jpg"3⤵PID:7380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1w3zq8d.u5ksf.jpg" "2⤵PID:5668
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-lb6b93.6xcha.jpg" "2⤵PID:5752
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-n1bbab.cp3g.jpg" "2⤵PID:5836
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1765mx9.xnbf.jpg" "2⤵PID:5896
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-12rqmbr.buen.jpg" "2⤵PID:5968
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1cwulou.8938.jpg" "2⤵PID:6028
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1cwulou.8938.jpg"3⤵PID:7664
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1i1aeni.0ug.jpg" "2⤵PID:3212
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1i1aeni.0ug.jpg"3⤵PID:7296
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1hsuiwn.3fls.jpg" "2⤵PID:5220
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1hsuiwn.3fls.jpg"3⤵PID:4212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-syqfl1.8z8n.jpg" "2⤵PID:4008
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-syqfl1.8z8n.jpg"3⤵PID:2192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5txhqu.pu1eo.jpg" "2⤵PID:6268
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5txhqu.pu1eo.jpg"3⤵PID:5192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ml0784.301d.jpg" "2⤵PID:6340
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ml0784.301d.jpg"3⤵PID:8132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-mc7cpj.z7k38.jpg" "2⤵PID:6508
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-mc7cpj.z7k38.jpg"3⤵PID:5448
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-13gr5bd.aftj.jpg" "2⤵PID:6548
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-13gr5bd.aftj.jpg"3⤵PID:7288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-eauqv4.2vsvq.jpg" "2⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-eauqv4.2vsvq.jpg"3⤵PID:8680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-jqy5fd.hn7hb.jpg" "2⤵PID:6600
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-jqy5fd.hn7hb.jpg"3⤵PID:8840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1rkbihi.9pdvi.jpg" "2⤵PID:740
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1rkbihi.9pdvi.jpg"3⤵PID:5372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-n3z3z7.vuh3.jpg" "2⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-n3z3z7.vuh3.jpg"3⤵PID:1388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1j66x2a.2tnte.jpg" "2⤵PID:6788
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1j66x2a.2tnte.jpg"3⤵PID:7124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17sznkh.zcqo.jpg" "2⤵PID:7076
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17sznkh.zcqo.jpg"3⤵PID:4008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-g8i56s.eh9e.jpg" "2⤵PID:7188
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-g8i56s.eh9e.jpg"3⤵PID:5652
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1rimwzs.48qp.jpg" "2⤵PID:7276
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1rimwzs.48qp.jpg"3⤵PID:7416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1v6rn89.kqu8h.jpg" "2⤵PID:7340
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1v6rn89.kqu8h.jpg"3⤵PID:864
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1s34zy4.h0ut.jpg" "2⤵PID:7948
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1s34zy4.h0ut.jpg"3⤵PID:4456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qvrswi.wgs1.jpg" "2⤵PID:8008
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qvrswi.wgs1.jpg"3⤵PID:9124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-dpzyi3.dgef9.jpg" "2⤵PID:8044
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-dpzyi3.dgef9.jpg"3⤵PID:9208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-133yzen.9kou.jpg" "2⤵PID:8084
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-133yzen.9kou.jpg"3⤵PID:2620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-19uqkzy.80roi.jpg" "2⤵PID:4620
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-19uqkzy.80roi.jpg"3⤵PID:6480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mh62ue.t3p3.jpg" "2⤵PID:7236
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mh62ue.t3p3.jpg"3⤵PID:6168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1x6d1qm.choki.jpg" "2⤵PID:632
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1x6d1qm.choki.jpg"3⤵PID:7632
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ch2adr.sjnf.jpg" "2⤵PID:2372
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ch2adr.sjnf.jpg"3⤵PID:7832
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1aag1d3.vs4t.jpg" "2⤵PID:2220
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1aag1d3.vs4t.jpg"3⤵PID:5332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4ccv7w.20q74.jpg" "2⤵PID:7900
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4ccv7w.20q74.jpg"3⤵PID:6204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1hx4vrr.azn9j.jpg" "2⤵PID:2004
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1hx4vrr.azn9j.jpg"3⤵PID:2944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17oo4gy.1355.jpg" "2⤵PID:3112
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17oo4gy.1355.jpg"3⤵PID:6684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qonk3i.malc.jpg" "2⤵PID:7808
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qonk3i.malc.jpg"3⤵PID:7224
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-i5x30c.uq87f.jpg" "2⤵PID:2616
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-i5x30c.uq87f.jpg"3⤵PID:7020
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4rk0o4.dk2cm.jpg" "2⤵PID:7608
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4rk0o4.dk2cm.jpg"3⤵PID:7656
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1b3zfuc.510i.jpg" "2⤵PID:1200
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1b3zfuc.510i.jpg"3⤵PID:6848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5bspjs.nxyby.jpg" "2⤵PID:7052
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5bspjs.nxyby.jpg"3⤵PID:6900
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-16na98n.kw2y.jpg" "2⤵PID:5316
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-16na98n.kw2y.jpg"3⤵PID:6492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-170sy78.40ui.jpg" "2⤵PID:3552
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-170sy78.40ui.jpg"3⤵PID:820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ohrq9i.yod8.jpg" "2⤵PID:3836
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ohrq9i.yod8.jpg"3⤵PID:7772
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mmq3hd.1zpef.jpg" "2⤵PID:2628
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mmq3hd.1zpef.jpg"3⤵PID:6232
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1oacnmt.m4an.jpg" "2⤵PID:5468
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1oacnmt.m4an.jpg"3⤵PID:7044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-10cry1f.44hy.jpg" "2⤵PID:7580
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-10cry1f.44hy.jpg"3⤵PID:6412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-pghzic.0jq1n.jpg" "2⤵PID:6816
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-pghzic.0jq1n.jpg"3⤵PID:6228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pwykuo.s34r.jpg" "2⤵PID:8100
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pwykuo.s34r.jpg"3⤵PID:6164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-oqwa7w.o4j6d.jpg" "2⤵PID:7400
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-oqwa7w.o4j6d.jpg"3⤵PID:8496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ml5tpn.e8td.jpg" "2⤵PID:5432
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ml5tpn.e8td.jpg"3⤵PID:6272
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-169ab6t.prgt.jpg" "2⤵PID:6808
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-169ab6t.prgt.jpg"3⤵PID:5736
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ucs7k9.m4bt.jpg" "2⤵PID:1456
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ucs7k9.m4bt.jpg"3⤵PID:6852
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mdpw0b.0jzz.jpg" "2⤵PID:5424
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mdpw0b.0jzz.jpg"3⤵PID:7280
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1bsb21v.wsz2.jpg" "2⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1bsb21v.wsz2.jpg"3⤵PID:7920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pqg1fl.dex6.jpg" "2⤵PID:1496
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pqg1fl.dex6.jpg"3⤵PID:5924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iuplr8.f54pn.jpg" "2⤵PID:5904
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iuplr8.f54pn.jpg"3⤵PID:4876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iyt8s4.omf7.jpg" "2⤵PID:5164
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iyt8s4.omf7.jpg"3⤵PID:7912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1e0086g.879i.jpg" "2⤵PID:5196
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1e0086g.879i.jpg"3⤵PID:4740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nnr7m7.u6k4.jpg" "2⤵PID:6096
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nnr7m7.u6k4.jpg"3⤵PID:2332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-vxp0yp.br7un.jpg" "2⤵PID:5668
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-vxp0yp.br7un.jpg"3⤵PID:5636
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1xt5m80.1dxy.jpg" "2⤵PID:8140
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1xt5m80.1dxy.jpg"3⤵PID:5756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1v7rw8m.i4l9.jpg" "2⤵PID:5340
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1v7rw8m.i4l9.jpg"3⤵PID:6512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-15simnz.jtk6.jpg" "2⤵PID:8240
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-15simnz.jtk6.jpg"3⤵PID:7984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-t74jdo.s4vnr.jpg" "2⤵PID:8356
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-t74jdo.s4vnr.jpg"3⤵PID:1488
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-m7nko0.bv22.jpg" "2⤵PID:8408
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-m7nko0.bv22.jpg"3⤵PID:1960
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1x0eqv8.3wf.jpg" "2⤵PID:8488
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1x0eqv8.3wf.jpg"3⤵PID:7976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6it5kv.fjvcs.jpg" "2⤵PID:8636
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6it5kv.fjvcs.jpg"3⤵PID:6968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1c72rgm.3plih.jpg" "2⤵PID:8672
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1c72rgm.3plih.jpg"3⤵PID:4948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-yucz9s.arq5.jpg" "2⤵PID:8696
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-yucz9s.arq5.jpg"3⤵PID:8172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1s2un3i.o1zb.jpg" "2⤵PID:8780
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1s2un3i.o1zb.jpg"3⤵PID:6520
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1uieh9m.npub.jpg" "2⤵PID:8972
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1uieh9m.npub.jpg"3⤵PID:6184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1yua0od.6ij8.jpg" "2⤵PID:9000
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1yua0od.6ij8.jpg"3⤵PID:8044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-titnna.0mdhi.jpg" "2⤵PID:9060
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-titnna.0mdhi.jpg"3⤵PID:7788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qeeu1h.4y7tb.jpg" "2⤵PID:9164
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qeeu1h.4y7tb.jpg"3⤵PID:6536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-152713i.hbqm.jpg" "2⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-152713i.hbqm.jpg"3⤵PID:5096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-18s9uxo.e4bg.jpg" "2⤵PID:3540
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-18s9uxo.e4bg.jpg"3⤵PID:8168
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-18ocmy0.4idz.jpg" "2⤵PID:5300
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-18ocmy0.4idz.jpg"3⤵PID:5944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1to6xa.zvhjt.jpg" "2⤵PID:5460
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1to6xa.zvhjt.jpg"3⤵PID:6908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-wz4alf.me69.jpg" "2⤵PID:8664
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-wz4alf.me69.jpg"3⤵PID:7604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6dcdzi.hjrao.jpg" "2⤵PID:8908
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6dcdzi.hjrao.jpg"3⤵PID:7268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-9h5wg5.323w5.jpg" "2⤵PID:5676
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-9h5wg5.323w5.jpg"3⤵PID:8236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1r8lrcf.fwa3.jpg" "2⤵PID:5812
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1r8lrcf.fwa3.jpg"3⤵PID:8844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-187n5j2.5yyx.jpg" "2⤵PID:9076
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-187n5j2.5yyx.jpg"3⤵PID:6172
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-gf4jgw.8rga.jpg" "2⤵PID:7664
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-gf4jgw.8rga.jpg"3⤵PID:5308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-172705b.j8bd.jpg" "2⤵PID:5336
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-172705b.j8bd.jpg"3⤵PID:3248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-13g4ggt.dkv8.jpg" "2⤵PID:3780
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-13g4ggt.dkv8.jpg"3⤵PID:2316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-p0iizj.gjbjt.jpg" "2⤵PID:3088
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-p0iizj.gjbjt.jpg"3⤵PID:7684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-liwq7a.hu67h.jpg" "2⤵PID:8344
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-liwq7a.hu67h.jpg"3⤵PID:3552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1c5bv5m.fsof.jpg" "2⤵PID:8788
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1c5bv5m.fsof.jpg"3⤵PID:2628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1oq1k6u.l1m7.jpg" "2⤵PID:208
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1oq1k6u.l1m7.jpg"3⤵PID:1904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-14giqv.n62b6.jpg" "2⤵PID:8480
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-14giqv.n62b6.jpg"3⤵PID:1612
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qvt7r1.fcgqr.jpg" "2⤵PID:8992
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qvt7r1.fcgqr.jpg"3⤵PID:3184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-z56cz9.jqsol.jpg" "2⤵PID:8984
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-z56cz9.jqsol.jpg"3⤵PID:396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-i8jw00.vlo3s.jpg" "2⤵PID:1284
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-i8jw00.vlo3s.jpg"3⤵PID:3232
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1q6wou7.flt.jpg" "2⤵PID:7756
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1q6wou7.flt.jpg"3⤵PID:3416
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-10kuyit.l8nuj.jpg" "2⤵PID:6444
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-10kuyit.l8nuj.jpg"3⤵PID:3380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-llzq71.54yhk.jpg" "2⤵PID:4736
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-llzq71.54yhk.jpg"3⤵PID:7356
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-drkxz4.cci9r.jpg" "2⤵PID:6212
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-drkxz4.cci9r.jpg"3⤵PID:2704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-zoynzu.pcj5.jpg" "2⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-zoynzu.pcj5.jpg"3⤵PID:8732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1xxcyvv.gzut.jpg" "2⤵PID:6716
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1xxcyvv.gzut.jpg"3⤵PID:5852
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-q0fccj.8mivi.jpg" "2⤵PID:5192
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-q0fccj.8mivi.jpg"3⤵PID:5792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4uzlup.hhs8l.jpg" "2⤵PID:8800
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4uzlup.hhs8l.jpg"3⤵PID:1340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1k6vdam.fwmg.jpg" "2⤵PID:6484
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1k6vdam.fwmg.jpg"3⤵PID:2092
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ad82rd.7nh5.jpg" "2⤵PID:8260
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ad82rd.7nh5.jpg"3⤵PID:5280
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-k1x8i4.p87us.jpg" "2⤵PID:2908
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-k1x8i4.p87us.jpg"3⤵PID:7912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-r4i97i.6yu09.jpg" "2⤵PID:6352
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-r4i97i.6yu09.jpg"3⤵PID:7968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-bcuhvn.tyxd.jpg" "2⤵PID:5156
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-bcuhvn.tyxd.jpg"3⤵PID:5740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nj1sg0.96cu.jpg" "2⤵PID:7648
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nj1sg0.96cu.jpg"3⤵PID:5340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-3v43jc.4bqt9.jpg" "2⤵PID:6304
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-3v43jc.4bqt9.jpg"3⤵PID:4852
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1wj4yu4.8rtj.jpg" "2⤵PID:6188
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1wj4yu4.8rtj.jpg"3⤵PID:7788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-l6mt7z.kwjpm.jpg" "2⤵PID:6080
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-l6mt7z.kwjpm.jpg"3⤵PID:9164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-xc0qrq.157jg.jpg" "2⤵PID:3596
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-xc0qrq.157jg.jpg"3⤵PID:1644
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-w76vlt.xcoz.jpg" "2⤵PID:7388
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-w76vlt.xcoz.jpg"3⤵PID:5900
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-yjqw9u.ceol.jpg" "2⤵PID:8376
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-yjqw9u.ceol.jpg"3⤵PID:8668
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1sp6gg4.9ey6.jpg" "2⤵PID:5656
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1sp6gg4.9ey6.jpg"3⤵PID:3908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1d7hcui.wv9e.jpg" "2⤵PID:6476
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1d7hcui.wv9e.jpg"3⤵PID:5840
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-sjevzy.cf2s.jpg" "2⤵PID:9108
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-sjevzy.cf2s.jpg"3⤵PID:7376
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-nv89vo.20qab.jpg" "2⤵PID:6840
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-nv89vo.20qab.jpg"3⤵PID:5320
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-oi180i.5lp98.jpg" "2⤵PID:7564
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-oi180i.5lp98.jpg"3⤵PID:5524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qnw3c0.4nnx.jpg" "2⤵PID:7508
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qnw3c0.4nnx.jpg"3⤵PID:5044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pj3wzt.ohy7l.jpg" "2⤵PID:5572
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pj3wzt.ohy7l.jpg"3⤵PID:7456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4ldqhm.5p8v8.jpg" "2⤵PID:4264
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4ldqhm.5p8v8.jpg"3⤵PID:8756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-jhy7tj.2tdg.jpg" "2⤵PID:5984
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-jhy7tj.2tdg.jpg"3⤵PID:3024
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1caulf6.pynlf.jpg" "2⤵PID:6532
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1caulf6.pynlf.jpg"3⤵PID:9524
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-q7pu25.bih2.jpg" "2⤵PID:6984
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-7a872t.d0c4l.jpg" "2⤵PID:1872
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-7a872t.d0c4l.jpg"3⤵PID:9848
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ajjlqg.1aep.jpg" "2⤵PID:7840
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ajjlqg.1aep.jpg"3⤵PID:9628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-172yz4e.gn7r.jpg" "2⤵PID:7932
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-172yz4e.gn7r.jpg"3⤵PID:9892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-l4ev36.pq62.jpg" "2⤵PID:7036
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ujz9ma.glla.jpg" "2⤵PID:7412
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1j78t6z.3hft.jpg" "2⤵PID:6960
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-kkdmfb.ejudq.jpg" "2⤵PID:8084
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-vq1a7y.fxml.jpg" "2⤵PID:8092
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1cwetjl.xlmg.jpg" "2⤵PID:7172
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-16gx7lj.xwnz.jpg" "2⤵PID:6288
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5r0gvw.5qcou.jpg" "2⤵PID:6196
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-oibpgs.yz1p.jpg" "2⤵PID:4620
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-14hxd4r.788u.jpg" "2⤵PID:3400
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1lmyzv1.7njo.jpg" "2⤵PID:8176
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ry2ik6.x6v.jpg" "2⤵PID:3012
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1te34aq.dfloi.jpg" "2⤵PID:3768
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1pa3fs8.man.jpg" "2⤵PID:7236
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1qfipbh.x7mc.jpg" "2⤵PID:6488
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-160r3o6.beh9.jpg" "2⤵PID:2540
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-lb359y.g000d.jpg" "2⤵PID:3520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6uvurr.444tc.jpg" "2⤵PID:4604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-14230y1.a333j.jpg" "2⤵PID:6456
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qzi8d0.byro.jpg" "2⤵PID:4904
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-16dtl1w.q4zv.jpg" "2⤵PID:5556
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-to5ixz.uhkar.jpg" "2⤵PID:7584
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-j3umpa.w3c8t.jpg" "2⤵PID:7352
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1inerxr.c3v4.jpg" "2⤵PID:5392
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-60pfd8.83z57.jpg" "2⤵PID:5872
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-giii1i.j1il9.jpg" "2⤵PID:6604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1b1yln4.9uoj.jpg" "2⤵PID:5532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-2qu9fc.xm7el.jpg" "2⤵PID:7964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-187dyf3.9qr6.jpg" "2⤵PID:6200
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-e6kq4s.bpfk.jpg" "2⤵PID:7996
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1644,1720411707240764412,11718900805635595287,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:22⤵PID:7040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1a9q4uu.3yi3i.jpg" "2⤵PID:3168
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-19td6qq.ia1m.jpg" "2⤵PID:4328
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1038004.lhsr.jpg" "2⤵PID:6632
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-43exxw.llwni.jpg" "2⤵PID:6432
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-cz38lh.4ro3.jpg" "2⤵PID:5360
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qgpbzz.ri13.jpg" "2⤵PID:832
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-15v2imn.iyzn.jpg" "2⤵PID:5492
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1t44c3r.cok2.jpg" "2⤵PID:7044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-nhcac2.ujwb.jpg" "2⤵PID:2504
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-iqss8s.0l00b.jpg" "2⤵PID:7128
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mo2vex.q7o.jpg" "2⤵PID:4480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1cuo18i.umm5.jpg" "2⤵PID:6956
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-10g9329.h936.jpg" "2⤵PID:5408
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-sqwjvu.np4wo.jpg" "2⤵PID:7808
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1n6tzs4.6bsg.jpg" "2⤵PID:3376
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-dec4qu.009e.jpg" "2⤵PID:2004
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ioux59.k8pjl.jpg" "2⤵PID:5196
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1k54jn7.ilgm.jpg" "2⤵PID:8272
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1wa7zsv.540a.jpg" "2⤵PID:8920
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1xed9jh.moki.jpg" "2⤵PID:3648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-p2aq3x.ndbhs.jpg" "2⤵PID:4184
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-9957nn.4r6f.jpg" "2⤵PID:7980
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-165sr8a.za7m.jpg" "2⤵PID:4148
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-14fmde7.4i2o.jpg" "2⤵PID:8724
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-o0452a.kal8.jpg" "2⤵PID:5176
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ki750e.q5emh.jpg" "2⤵PID:8044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ophh1o.d7dsh.jpg" "2⤵PID:4104
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-196tso4.vub9.jpg" "2⤵PID:4388
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17i9mtm.ptfyl.jpg" "2⤵PID:2300
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1q7yqwt.deq5.jpg" "2⤵PID:2640
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1oemjpn.jzsx.jpg" "2⤵PID:9060
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5c0imu.ei5to.jpg" "2⤵PID:6396
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-dt44qf.kg0ya.jpg" "2⤵PID:5648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-zpaqf9.muye.jpg" "2⤵PID:2648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1t872yd.zc7o.jpg" "2⤵PID:5964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-m0mh56.rxmqr.jpg" "2⤵PID:8172
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-4gg21.hdfpf2.jpg" "2⤵PID:7100
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1k5wwsr.iz0xm.jpg" "2⤵PID:7492
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nctmbk.wz7el.jpg" "2⤵PID:3836
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-zmr6f4.uiyg.jpg" "2⤵PID:1940
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-dkh58r.r7pva.jpg" "2⤵PID:2952
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-958owx.yj3rh.jpg" "2⤵PID:6516
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1yg8hcs.yb3kl.jpg" "2⤵PID:1956
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nahclu.d7hr.jpg" "2⤵PID:8844
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-10nj4nt.ir8d.jpg" "2⤵PID:5312
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-40s3i8.nvvg4.jpg" "2⤵PID:9408
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1wld0xn.nm9oh.jpg" "2⤵PID:9464
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-bn9oki.dn4ca.jpg" "2⤵PID:9560
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1hbl16m.rsvg.jpg" "2⤵PID:9572
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1g0t7dy.cboc.jpg" "2⤵PID:9612
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-lcf0j4.ht0lt.jpg" "2⤵PID:9732
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024310-1208-damzzl.y2w1e.jpg" "2⤵PID:9856
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2836
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x408 0x3cc1⤵PID:1544
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1uddtpa.rq52.jpg"1⤵PID:6636
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6h7spf.vgnmu.jpg"1⤵PID:6644
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-9svxh2.594qv.jpg"1⤵PID:6804
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-in4g9k.lde8.jpg"1⤵PID:6816
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qq1jo.xxpk7i.jpg"1⤵PID:7488
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-urr4q7.nb4s.jpg"1⤵PID:8096
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17ojqxn.iqxg.jpg"1⤵PID:7224
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-12yhq5u.hdhz.jpg"1⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-169lluq.9fag.jpg"1⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-dpds55.vgcv7.jpg"1⤵PID:7424
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1bzabfk.esom.jpg"1⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1xtjk5z.8ujv.jpg"1⤵PID:6560
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-9e3erd.mj1gq.jpg"1⤵PID:5172
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-eosojz.fjvpl.jpg"1⤵PID:1120
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-51v5i6.9er.jpg"1⤵PID:3968
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-13dknyv.df2gj.jpg"1⤵PID:5600
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-2xyfmm.yrbdw.jpg"1⤵PID:5568
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-fe4rec.y7gmh.jpg"1⤵PID:5308
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-qu9h8d.0q669.jpg"1⤵PID:5472
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1mflpou.cen9.jpg"1⤵PID:7880
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1i6sht6.2ja9.jpg"1⤵PID:1296
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-ew9mx5.yeq7h.jpg"1⤵PID:4064
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-17rgm46.4g5m.jpg"1⤵PID:5820
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1ang273.2afp.jpg"1⤵PID:5908
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-14sr5dw.gv1b.jpg"1⤵PID:7380
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-g93kfa.1k2jk.jpg"1⤵PID:8384
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-pgphvm.v6zc.jpg"1⤵PID:8496
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1spavr8.zcuz.jpg"1⤵PID:8620
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-5x5894.7nq7u.jpg"1⤵PID:7824
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1nm4pxt.vxgw.jpg"1⤵PID:5984
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-11wfsfx.9my5.jpg"1⤵PID:5508
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-19kb5i3.mrcn.jpg"1⤵PID:5636
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-s2qx0w.k1f7c.jpg"1⤵PID:8996
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1kl5v5f.jwkz.jpg"1⤵PID:5108
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-6n0dcm.7xvca.jpg"1⤵PID:456
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-3ifov6.fpagp.jpg"1⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-11gkwur.e1uv.jpg"1⤵PID:6560
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-135fy7m.q2jhi.jpg"1⤵PID:5172
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-cjupcy.9n0sv.jpg"1⤵PID:6452
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1th8vtm.3ohs.jpg"1⤵PID:6612
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-hoo8p2.7fyav.jpg"1⤵PID:5308
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-15rg6xn.2sij.jpg"1⤵PID:7380
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024310-1208-1lutk9y.j78v.jpg"1⤵PID:832
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
862B
MD5f3ac7a0e31b9af1b495241eff29915ad
SHA1286fe23eba741cd3fca3f3e9a919021946655392
SHA256f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a
SHA512b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210
-
Filesize
24KB
MD5c87e8e11efcf9b8fd2550f467802a3c7
SHA10d41109d7d3529521884fbbb6455fb82272c1b9b
SHA256e4963d6ba460643d3a85693c6385ec6b873773e1021a5c170660abdbcebb9d85
SHA512260dc7b038def6c8988dd66c40c17035f3949e46c4d2542186789283c55ffbc31150c583cf976a1c6a6def52fda1f610acfc7f3ad0781f85b43ec5d8d7652d02
-
Filesize
2.7MB
MD5d4e6004197508892d18fc47645b25f62
SHA11afceda2531e593c00de7ab994f928a150de5b4d
SHA256dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c
SHA5120be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4
-
Filesize
1KB
MD5ca0e22caeefdf41df340b5f2da7e3165
SHA138b76d6b0b3354a4a8d405fdc233648d4e8f99e1
SHA2561dd790061589aa2250f8cd9defa35b4834814e6a5c25ff5e79b7cde74424d80d
SHA5121d88c48d4e68d70d4ae75dfc248adf6d65ce8b31d3e0498d9d6fdb70ac2c2585a4070a948d13d5422112be5288545f99b6468d9ff1930f9aea3c4038c9a85ca4
-
Filesize
652KB
MD5e4c111d47eb54b62dab8cb12540b9e39
SHA109be3e7d9eec1853dc628c8c3b90e7b670921029
SHA256a05338fe1e0eb08230717ad2f3587a5c1cb4bd10a673c40a3059f70ae0e7e6b1
SHA512f9ec1e62c08425382b48320d2fb1a7fa412dea84825cc49b0297d5c6cfdcb80f32c54de28ac59e7a4c7557ae9900a8d3860fc7d23e486bcc28e603787d9f0f79
-
Filesize
163KB
MD5f1e751eb4dbfa4a1b5f4903315fc535a
SHA185e1166819678f839954c473d7eb363a99e24a96
SHA256b8c24de2fa870ceb677f30da0eabdf20745d0a9ebed98f49c52d881383c75096
SHA5122349745a84bc2b2f9c2b96999d48e37242a6c3627d7898cd9a36e682e36ec12553713db7167b3a9cd20ec308ce11d84f09f06beb3e971823d8b4a959f457b182
-
Filesize
240B
MD5810ae82f863a5ffae14d3b3944252a4e
SHA15393e27113753191436b14f0cafa8acabcfe6b2a
SHA256453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA5122421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112
-
Filesize
231B
MD5dec2be4f1ec3592cea668aa279e7cc9b
SHA1327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA51281728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66
-
Filesize
13KB
MD5da0f40d84d72ae3e9324ad9a040a2e58
SHA14ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA51230b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
-
Filesize
12KB
MD584a054eae4c7fcee21feba7a531f384d
SHA1e706b743d9aa04896358675123ef3835570061c6
SHA25642f4683f72ab39ef7cf7739348c6ad4e1165ae398adbc2394277c44f2779f694
SHA512c4b9d6bb629d74ffeb1b8bdf50c35012fe7c2d02c3062ab74962630c3b4187bc029527e18471cca8f2c0782edf5251a6ea1a56dcad7f7d8d45aee8936443afe8
-
Filesize
393B
MD55931ed6cf39f49773ca16f61403dddd7
SHA126433a484998a1423ed4cc6bdac0839544e8ed3c
SHA256112a623a3b1c736803a99fbcd09ec60d20fb8e67a1a4666d304275b6cb576db4
SHA5129f334c6fea4b6803ab0f48bbb24cf7dce67de8b7271bcd2c286d1a8364fdc8004d6627408d8a4ae92fc9739c31433c4394bd4d0820f91cbe74c0be7ddff2514e
-
Filesize
484B
MD5e826db475d8d912671ee714fd1048b48
SHA1074c1fa15aca2edb3c880a34add1c819b64efd7e
SHA25633f67878d92e87a2f14cf3f6b3761a58015da1043d4929e9399172c90666d67c
SHA5128e0806b993e75b21ec1e8612e0fc7c23160d1299b3b25774c8ffb9fd3800c5d44561907fd546c6138846f131f02cc53a440b98d70f081cf128441f7af4c59f8b
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
203B
MD5f476681d7e1967a5bc46393e9d969c69
SHA14a6d6443a47d6e962cc6aff0ea8f8572959d25ce
SHA2562138fd7254a5ea76ad9de880eefb605f39ae58d4b5bde919041a613e4c13ee21
SHA512ee4f2c1c5574733e6ab41a857588484b37108e3cdd17d759dedd5514fb91ef5b3794fb39d3238d4c8226065510221ab683993ed978f95d40098d5a4198f5debd
-
Filesize
203B
MD57c64fffa85edc37e9d28f8c7c3fd782a
SHA1e143ad5ebe576fd9cc12bbcc9499a3912c7bd587
SHA256b0e925b3f995fac102534624660ba3019e3e77b92f99ac63c9dda0317b1b388a
SHA512bc880a37dced61840c3d75477c6fb5e4376192e354d22423b7da9142408c0f66a9410d50b8833948a94d08728e554482371187f85e8fae7ab92aaf5b12d0c4e0
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
1KB
MD5a6f2d21624678f54a2abed46e9f3ab17
SHA1a2a6f07684c79719007d434cbd1cd2164565734a
SHA256ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA5120b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676
-
Filesize
350B
MD58951565428aa6644f1505edb592ab38f
SHA19c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA2568814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA5127577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5