Analysis Overview
SHA256
9c1a052b4f6fbbe3c6437b3af2a3f93f2218b3c175073e7daeb6361f999a94c5
Threat Level: Known bad
The file SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe was found to be: Known bad.
Malicious Activity Summary
Epsilon Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Enumerates VirtualBox registry keys
Looks for VMWare Tools registry key
Checks computer location settings
Reads user/profile data of web browsers
Checks BIOS information in registry
Identifies Wine through registry keys
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Checks for VirtualBox DLLs, possible anti-VM trick
Enumerates physical storage devices
Program crash
Unsigned PE
Detects videocard installed
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious behavior: CmdExeWriteProcessMemorySpam
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-11 08:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4912 wrote to memory of 2644 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4912 wrote to memory of 2644 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4912 wrote to memory of 2644 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2644 -ip 2644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.17.178.52.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win10v2004-20240226-en
Max time kernel
137s
Max time network
205s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
120s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
167s
Max time network
175s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4396 --field-trial-handle=2272,i,1589057049575649654,2929151440327217574,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.189.173.25:443 | tcp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
137s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.192.11.51.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240220-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 220
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
120s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
111s
Max time network
158s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES53DD.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCE8D80A7AB38C4B9BA182646E2669AE2A.TMP"
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSCE8D80A7AB38C4B9BA182646E2669AE2A.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES53DD.tmp
| MD5 | 63727d710e58d0a54e185e6d53659ac6 |
| SHA1 | 7eae47c47d4ec4d28634eaa821066d5f40a7aaf5 |
| SHA256 | a18bb5f12fbda6e619652e532f5f49affe923598fcbb76e73fee282f102e4101 |
| SHA512 | bdb3238dfbf714beaa5e5f923a19dc3cc3045dddc014d3b0a0f8bfbf568aabc74157355eca80475d17fbc0ea272f3743d9f023e1943dd0c283e0496cb28ffc98 |
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
| MD5 | 5bad0db0c7e3c9608a8bd74461514de7 |
| SHA1 | 0e3baeaa81516b3a718ad6f43c7846a3356a8c22 |
| SHA256 | 4ba149017b08f5d7166f90985052793876cf6ecdea8278ebfd7f6d211ba55995 |
| SHA512 | 8f7be2b5cf6a6c8b66cc91d9014a43fdb7c065d878966f22e73a7ff959052766c9567897b7313592e2252d688f7facecce64b95f2273a88cc47d8a4d3eb0e420 |
memory/1768-9-0x0000000000410000-0x000000000041A000-memory.dmp
memory/1768-11-0x00007FFD6BE40000-0x00007FFD6C901000-memory.dmp
memory/1768-12-0x00007FFD6BE40000-0x00007FFD6C901000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240319-en
Max time kernel
165s
Max time network
180s
Command Line
Signatures
Enumerates VirtualBox registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Wine | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1668,12479651944745129726,16166801356043990671,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,12479651944745129726,16166801356043990671,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=1968 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1668,12479651944745129726,16166801356043990671,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2464 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1668,12479651944745129726,16166801356043990671,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=3068 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x408
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-si0jam.kpncc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-deemt9.b0wnd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gkp23f.i6x4j.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1wjx62i.sh05h.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1hztmvx.eu83.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9nme5r.jgvz.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9bj6o4.i138t.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD59.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCE7BEFB0B732C40B6B84A87D2572396BE.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-10qda13.vgrc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ljehrk.kila.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5bp8aq.7mhzn.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-18vyem4.khu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hnb5bl.g9cvn.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1borx4c.0mn5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-13ly4b8.ym44.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1nd2w1c.ohnxk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1y51te2.wnf8k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-6oaxsj.2qmps.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-188zwxe.jiir.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-65xnxl.lpdf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-fp6br3.9hzj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-p8rbul.2zad.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-4u71t3.8gn1b.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hd5i3l.cwgdb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-19i6bnv.q6rm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-2es011.afgmf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-x4mm60.nyow8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-122q5u7.5wxb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9nme5r.jgvz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-j5l7kt.kj0mn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-10qda13.vgrc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1y0qkmj.n4ix.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-19reqmm.7cz9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ub2n9e.0jgcg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5bp8aq.7mhzn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-269ize.gf6uk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1udlto1.drr9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-75enkz.bwjw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-p4mzit.f2o3.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-lm92ou.3yx5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1yzxvh4.zqca.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hnb5bl.g9cvn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1fqbjy5.9r7t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-133dfea.94uy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1dubjng.3hx2h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-17079ew.5c6k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ec789i.hjp7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1flm1pg.d968.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9hi8em.wltu8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-6oaxsj.2qmps.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-188zwxe.jiir.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ho71yv.x1s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-pfezr5.uumvg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9lpak7.44gvf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-65xnxl.lpdf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1gfv9do.l9ey.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vjul8y.2c5gm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-fbq9qh.4x6kl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hm9blg.x4zgm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-l4y455.as5.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1rvvxy3.2b9m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-g8kup2.jh93g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-fcmj52.bw97l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-146rwvv.0nhj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-sxa9i8.gjx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-tlgmxx.iyhg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-4u71t3.8gn1b.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1q3anmx.itdgj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vyzybv.or.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-8vdamj.9oqnd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1y2c4d2.7x6e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hd5i3l.cwgdb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-19i6bnv.q6rm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1qwkfu7.aiv6.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1gypjgp.3ptce.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-11bo25q.wmrw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-103otf.a6kz1l.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1xu1f8k.82oh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-4sy6a1.wz7ml.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-19qisus.dzdd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-o7kjkz.gpme.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1yiu54h.geukh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-7azxbb.hpgv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-269ize.gf6uk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-2ax5dh.jgpyo.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1uioyj3.l5hf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-12yefgk.529d.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1krb7g9.d03y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-46gm3c.sj8lk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-110e82.ib6gca.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-zi80v.bmv6o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gjk80r.rd0hf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-bod7bp.cnftq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-15j9bmx.qsbp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1g48fmt.luw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-19ravsb.bzc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1wtnyv8.s3k2.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1yzxvh4.zqca.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-mq331v.lyab.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gr98re.glecg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1fgw99k.ytutl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1fqbjy5.9r7t.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-17mjalo.ve29.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9hi8em.wltu8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-n8nslu.rds7d.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1jrqkaw.h8xcf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-88vaob.cfcfi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5693bl.t5mco.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ub30q6.8khq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1enves3.2rwwg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-15ktyn1.xf4a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1mft3hg.nj5k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-g8kup2.jh93g.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-146rwvv.0nhj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1dubjng.3hx2h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1coqlzl.h108.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vjul8y.2c5gm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-pfezr5.uumvg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1flm1pg.d968.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1n76csy.h5rt.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1hxmooh.iq7q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-pggy3e.yeaq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-fbq9qh.4x6kl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-tlgmxx.iyhg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hm9blg.x4zgm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vyzybv.or.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-tdmg74.094bq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ld3wdn.qo5ka.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-e59r.f07g1a7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ngnzn5.yicz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gd0rec.2uyg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-8vdamj.9oqnd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1wb5xlt.iqf1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1t09h95.p9dl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1wgk0g5.hg10f.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-yh354t.3c2m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1p7ivu5.8dc7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1m3ojuv.aqqk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9lojd1.hadzd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-djjsta.lv3x.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ztvqje.0es6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-timh9t.f49p.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-6pxrwm.673a4.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-88hf4w.xp03h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-17079ew.5c6k.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1uz690e.e0iz.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1mxa1yt.tl19.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-fcmj52.bw97l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1rqaf9d.aqp8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-d5urvz.v4t5j.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-4x2lrr.ybtwv.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1uc4xlp.0f9q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-441kkh.6v2sd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1vmrkd6.bdqgj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1a8pk8o.ghkf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-c2z7y6.vmzja.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1wxd84b.0mvx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1tgof5n.l1c3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ec789i.hjp7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9lpak7.44gvf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1gypjgp.3ptce.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-wa1cnq.6q08.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-17k0d2a.jidzi.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-199wv4o.0wgc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1mev93v.moqzh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-tjm8mw.mz87l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-7pzxd5.o3nbh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-entlyq.2qrnl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1e4ddsz.vfwq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1c07w6x.o7oi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1nu9a3.05qd6g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gvxc4n.pidif.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-995imk.x7exs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ebpr12.09xtq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-13l7cp0.ndyg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1lpzdb3.iwy3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-16z9mev.kucs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-m09bdx.qwxe.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-qmnpj.nuphlj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1cc5h3c.llxrj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1bwgnd2.rnm7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-sxa9i8.gjx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-q7u67a.rg1q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ct72kd.r24eb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1qq1lf9.3aw9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-4sy6a1.wz7ml.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1np90dw.0jem.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-11idcn0.p325.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-10iv2jj.sb11.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1yeun6y.tjk7g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1cgj7z4.8qejl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-rxtm1u.wyml.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1hysg2.g0hd2.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1qwkfu7.aiv6.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-janllp.5geli.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-12qo3d1.wxcd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-inxwmh.auvfd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-11euc08.r3tpl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1yiu54h.geukh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-mkx3ko.6qeab.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-xfozpo.1210e.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-kq12n5.dcvxc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-8irwrh.i411w.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1of9zqg.n018.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1l744td.wlfc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ngdpme.r555.jpg" "
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1668,12479651944745129726,16166801356043990671,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-12yefgk.529d.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ovnn79.p6tr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-h0pz05.w7bvf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-110e82.ib6gca.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1w41mmy.bfvo.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-zi80v.bmv6o.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-bod7bp.cnftq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1cwngwv.z35p.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1g48fmt.luw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1vu53qy.7mv1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1m7lu24.ej9m.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-19ravsb.bzc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1z4wrd.4etvd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-o7kjkz.gpme.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-o2zjru.112kl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5693bl.t5mco.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-n8nslu.rds7d.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-he8h5r.shfrq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-32f8s0.6d91i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1fgw99k.ytutl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-mq331v.lyab.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1xvcpks.9fws.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-hj4ylk.xp0ji.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-7azxbb.hpgv.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1jrqkaw.h8xcf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gr98re.glecg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-lc8b4a.584e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1enves3.2rwwg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1mft3hg.nj5k.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ub30q6.8khq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-t0h6uf.ifzbd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-15ktyn1.xf4a.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1n76csy.h5rt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-18mxr52.g52x.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-46gm3c.sj8lk.jpg"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1syb4zx.4pnx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1guj7jd.42xj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5c0xrn.3lv9u.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ad5pvs.lqbgc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-yh354t.3c2m.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-olgyop.3kukc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-3coxdc.28bu8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-pggy3e.yeaq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-y4pjiw.83sk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-xwe67d.8qyp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1wxd84b.0mvx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vawg55.5mnc8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-tjm8mw.mz87l.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1p7ivu5.8dc7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ebpr12.09xtq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-q7u67a.rg1q.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-m09bdx.qwxe.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1cc5h3c.llxrj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-120u402.9d1y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-ct72kd.r24eb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-sgcu8i.0zdz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-11idcn0.p325.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1td9euv.orks.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vsk5f4.jydno.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-mkx3ko.6qeab.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1v0ltgc.p4a8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-17pkabi.5zxp.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-dt40xo.jamnd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-2c3dpx.uicjw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-h0pz05.w7bvf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ffpv6u.koqh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-o2zjru.112kl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-he8h5r.shfrq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-lc8b4a.584e.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-18mxr52.g52x.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1mq01c6.bnao.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-8zfuty.71xad.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1guj7jd.42xj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-kacuo8.q0a7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-15j6fhd.hz9w.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1yx560o.t7mr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-vueoy9.xxq6n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1vghrhs.4734.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5c0xrn.3lv9u.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-l0wvs1.8ciyi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1o635wi.k82y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-5asl79.7dgn8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1qiuu0k.2rkpk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-48mygr.2g3xl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1s3oz03.yazw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-120u402.9d1y.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1ekjwdw.js0s.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1chpecn.51dl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-sgcu8i.0zdz.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-1v0ltgc.p4a8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-4172-gzlfoy.fqdj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-dt40xo.jamnd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-4172-9x7vog.4etnd.jpg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 119.176.67.172.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\fbe117eb-5617-4f68-ac0e-ae87fb9c1c24.tmp.node
| MD5 | e4c111d47eb54b62dab8cb12540b9e39 |
| SHA1 | 09be3e7d9eec1853dc628c8c3b90e7b670921029 |
| SHA256 | a05338fe1e0eb08230717ad2f3587a5c1cb4bd10a673c40a3059f70ae0e7e6b1 |
| SHA512 | f9ec1e62c08425382b48320d2fb1a7fa412dea84825cc49b0297d5c6cfdcb80f32c54de28ac59e7a4c7557ae9900a8d3860fc7d23e486bcc28e603787d9f0f79 |
C:\Users\Admin\AppData\Local\Temp\05288c44-28ae-41cb-829d-5291919b32f1.tmp.node
| MD5 | f1e751eb4dbfa4a1b5f4903315fc535a |
| SHA1 | 85e1166819678f839954c473d7eb363a99e24a96 |
| SHA256 | b8c24de2fa870ceb677f30da0eabdf20745d0a9ebed98f49c52d881383c75096 |
| SHA512 | 2349745a84bc2b2f9c2b96999d48e37242a6c3627d7898cd9a36e682e36ec12553713db7167b3a9cd20ec308ce11d84f09f06beb3e971823d8b4a959f457b182 |
memory/3184-12-0x00007FFE79D40000-0x00007FFE79D41000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\8e22bb57-a842-4830-b158-bb5bbcbc9125.tmp.node
| MD5 | d4e6004197508892d18fc47645b25f62 |
| SHA1 | 1afceda2531e593c00de7ab994f928a150de5b4d |
| SHA256 | dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c |
| SHA512 | 0be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Cookies\Google Chrome_Default.txt
| MD5 | 76b15962038ddc53a535e77abeed6928 |
| SHA1 | b2225b888132fec7fbe1cb004c27804d339dbdeb |
| SHA256 | 12c86c7f376d7fc4d14af18418043e84bde83d7a48cd7f4468dc976e230537c6 |
| SHA512 | 77ac68c8a671d098777ddbbd0ac6c3c1740b2425d27f246c983a3d93c41d2fe5f8582651c3c3287c166cd3f374c52f29c7263c3ec6f675177b2de9ba304fd497 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\RESCFB.tmp
| MD5 | 41252f1c3ef338bbb109c59fa8c25a42 |
| SHA1 | 2ba25840f0454399637c1998290cb964b78d6d94 |
| SHA256 | 1ea3e1ce3c56ae0c54fe87221f5a9ded9bb18a0fe1c325b65747b45fe87ed882 |
| SHA512 | 259b0a8cd7bc7f21842d233249c05d07391425d2ea69d67d49de030fbac24e8c8b67d81cdee3d7123b0c79986d9d0a725a28820e06fdfc43a9af875f0700320a |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | 879bc979896ea620f8c6b65c488dec42 |
| SHA1 | 13fdd14d39f45f199dfef87ccff7ce7db983ae51 |
| SHA256 | fd4fb09864c7273a40a7474c54bf13adcb2f02e60ff78ff1dd556d092738eb22 |
| SHA512 | 88262211834a77028660c63c76b3c5f9c35986e55f49f6ebfdbd7da587c479f9b7d2d26ed2592bfb15c6ad64a901bfab2c5828b8fc28cbef2e351096f8fae9ab |
memory/5364-164-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/5364-174-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/5988-177-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/3320-184-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/5992-185-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024311-4172-1hztmvx.eu83.jpg
| MD5 | c87e8e11efcf9b8fd2550f467802a3c7 |
| SHA1 | 0d41109d7d3529521884fbbb6455fb82272c1b9b |
| SHA256 | e4963d6ba460643d3a85693c6385ec6b873773e1021a5c170660abdbcebb9d85 |
| SHA512 | 260dc7b038def6c8988dd66c40c17035f3949e46c4d2542186789283c55ffbc31150c583cf976a1c6a6def52fda1f610acfc7f3ad0781f85b43ec5d8d7652d02 |
memory/6180-216-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/6520-229-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/6996-244-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7540-280-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7224-279-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/4808-275-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/1652-286-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7024-285-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/1528-265-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/6420-260-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7304-294-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7752-298-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7028-319-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/7028-334-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/5372-353-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/8332-367-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/628-373-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/1396-378-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/8416-385-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/8424-394-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
memory/8940-413-0x00007FFE5C580000-0x00007FFE5D041000-memory.dmp
C:\Users\Admin\AppData\Roaming\Ghostbane\Network Persistent State
| MD5 | c78bfc02f23a43d0d80df15d1ca58d81 |
| SHA1 | 650eeb2e342160d61426e19bb6aceee5d34f77b1 |
| SHA256 | 0eaae20d7f25c7e6618a779344ef155a025e65941314dba9cdcf129a6c44ea1b |
| SHA512 | bd7e6bdcccd95e5f60cd696644587dc2a65425a721349efa5315c4276dc0caa7ea98e2f4eb1e6079d0b66aa108f4da37d6ae525aa6da1ffd08e161bce88151e1 |
C:\Users\Admin\AppData\Roaming\Ghostbane\Network Persistent State~RFe591592.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/4560-714-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-712-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-711-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-719-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-721-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-722-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-724-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
memory/4560-725-0x000002CFC22A0000-0x000002CFC22A1000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20231129-en
Max time kernel
118s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win10v2004-20240226-en
Max time kernel
137s
Max time network
165s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2760 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| GB | 172.217.169.74:443 | tcp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.246.116.51.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win7-20240319-en
Max time kernel
118s
Max time network
131s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1916 wrote to memory of 2336 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1916 wrote to memory of 2336 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1916 wrote to memory of 2336 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1916 -s 84
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
120s
Max time network
132s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
161s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3668 wrote to memory of 2772 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3668 wrote to memory of 2772 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3668 wrote to memory of 2772 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2772 -ip 2772
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.116.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win7-20240221-en
Max time kernel
32s
Max time network
157s
Command Line
Signatures
Epsilon Stealer
Enumerates VirtualBox registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Wine | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" | C:\Windows\system32\reg.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1016,15444438410964901243,6550007024850517456,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1016,15444438410964901243,6550007024850517456,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=1300 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1016,15444438410964901243,6550007024850517456,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1504 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1016,15444438410964901243,6550007024850517456,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1dg4d5i.drc4.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1br8ml5.qzhb.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-xmkki7.72lhr.jpg" "
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=1016,15444438410964901243,6550007024850517456,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2024 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1go5zv6.ypbkk.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-59dajx.4i5k8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1j4tmtw.612a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1lei9fa.a1gv.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-f72r26.56xq.jpg" "
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1016,15444438410964901243,6550007024850517456,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=2336 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-v0l1yo.uyd1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-dhgzis.67fc7.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1f5qs3z.ectz.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1agolsw.44wt.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ok3erv.o2gu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1c19rq9.c4a1.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-17ccnvb.t96d.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-7b2w5z.zr5v3.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-6okojh.x1zh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-10q6m19.8d9nl.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-154gdg1.zb0bh.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-16y7v2u.9zll.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1f18zn7.5dx9.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1t2ly1c.a23l.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-xs20qy.o8c9j.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-17bg7bz.b8usl.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-131364z.39k9.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-k0ma.grbvi5p.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1302r5t.eo6p.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-frht9l.m4r7.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-nniy0z.zsi6n.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-yqeluq.idgoh.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ljbb8l.wcbd.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-m6bq3u.vif.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-9qmvr7.tapei.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-kvvg40.el0p.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-189gkq8.p44hl.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-3ga7qq.e4mvi.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pj5gv4.wh1tn.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1e2ode1.3obtf.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-14v8v7b.fanii.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2F0C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8F8923223DFA47A093A181F4D6B954A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2F1C.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1F6F630F62A84B2085B08DEE8C979CE.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-l53qaf.069er.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-13g4mg3.nnez.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1fx0ann.0sp7k.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1sr373t.vet6.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-f07ah5.oh4w.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-17izurs.c8os.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-17izurs.c8os.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1lei9fa.a1gv.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2F5A.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC77C5547AA5AA4638B212DD2FF2D028AA.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qgxcks.57o0q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qgxcks.57o0q.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31BB.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8867FD5AD8034C628CC933A351824469.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31BA.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC7950020E7B3647949893B04E90401C40.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31BD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC37A81A45CBCD444EA6E168695C19C970.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3285.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1CBA03D344034ECD8999A994C11B455D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3037.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCD93DD545DAF44F56B3B49FD79139EB3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES33AF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC48E387B7100B4633B89B731929EF9B4F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31BC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCFF2280A059074173B89B93C19C21BA64.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES33AE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1B70135BC0FC46CEBFE20C7A69F3D92.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3478.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC71231EB21BC4205B423A6FF82933ED.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FFC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCA9BFB87741664F75B5B6D3E6A97E76DE.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-zmduo8.s8uxl.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES32E4.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC513B9FFAF5714D7DB41BF899A33A09.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3035.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC488DCD3051574C4ABFD0981017355B55.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FFA.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCCC1AAB738DA847F5A9584A3AD79538C4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31AC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5A09B43BE88B4F59BA98EF127EB361C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FFB.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC81AE0051A36541F98C1B3FC556D991A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FD7.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97AF6F7FB604EDDB2BEEDB1559220B5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FF9.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC937DB45DCC904E45A5ED46D2697D64D7.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3034.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCA7790A824EA34BE1AADAE029CBE08B5D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FE6.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC9F364C403B7C4A7EB0E87E9127CD80.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-zmduo8.s8uxl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1twkg2u.0noe.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FB8.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCED16E787ED2644BABD9111CA619EC42B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES32A4.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC7F957C5182F74C9FA8879BB802523E6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31C0.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8D1E03BD8FEE41759786F63CA4C256B4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31BE.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC104FFA8FCA5E4B76879C8A28D858881B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31BF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBB78B4DE24D7498CBEF2E4A7EF2801D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FF6.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC4637D1FB3F9C488A9A14E6AB8F7B8FAE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FF7.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCAFC538516C77440F9E98230AA64C4C3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31AD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97D5704151241A790183C5D3E3A4DEC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES319B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC164700CA576E4E78A9B0201BC39297AC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES30F0.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC75F0B4A7410442029F6E770ADFA90D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES344A.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC3FA5A4634CC94445A63398C8E4A8691C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FF8.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5A7F61D9E4394232928687549D404CF3.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1twkg2u.0noe.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3036.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC3DEAACDF4ED4589BDE8D8DE4A9152F.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-scyg48.n706.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3340.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC8B8246951B59441284956BA04218E9.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31AB.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC538F193DC79A401393EC272C3C43D79A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES32E3.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF82429E619440ECB5E948DB41366BD0.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES33CD.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC737565F952D140D6AC62147784AE577C.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pmhwa8.tye8c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-scyg48.n706.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES342B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC87DDBECDEE154B9CB727A4293E199C0.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pmhwa8.tye8c.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3562.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1E1A7D2C90D24E1389E5E1A089C36597.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES342A.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC604B032D5BF4321B0F68618F424E77.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES360E.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBE93F5D025944369BE7A8F7C3867F786.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-fjecjp.uglwk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-fjecjp.uglwk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-11gi093.pkzo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-11gi093.pkzo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1l9vco3.u7wj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1l9vco3.u7wj.jpg"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES37C3.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCCC10335AF7ED49D7B4443DD238AAA8E.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-mvknqv.6w7bm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-mvknqv.6w7bm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-gguxxr.ilyxq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-gguxxr.ilyxq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1feu6ch.s309.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1feu6ch.s309.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ls9ndx.n3ev.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ls9ndx.n3ev.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-iqyziu.7kz3.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1phbafx.jblo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-iqyziu.7kz3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1phbafx.jblo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-3lfi92.wg7e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-3lfi92.wg7e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-50m5jb.x18f5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-50m5jb.x18f5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1bphaaz.4s2o.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5be2xi.ljym9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1bphaaz.4s2o.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5be2xi.ljym9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ibbit3.70cx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-oofztd.6sawb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ibbit3.70cx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-91ymwo.5e5pf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18qjkc3.ve4dj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-oofztd.6sawb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-91ymwo.5e5pf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1kedifq.pfy.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-9d7bfc.gcuz6.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5lxywu.dxj4b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18qjkc3.ve4dj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1kedifq.pfy.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-9d7bfc.gcuz6.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5lxywu.dxj4b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-gopb10.ogjeb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-gopb10.ogjeb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1urh41e.3058h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1urh41e.3058h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1pqsfmt.gkf5f.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18l347y.bmld.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1pqsfmt.gkf5f.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18l347y.bmld.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1lwjq72.2596j.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ilv7fr.4hx8p.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1190mcs.zyly.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1lwjq72.2596j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qhqzw5.euhkh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1190mcs.zyly.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-buxejs.1twq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1sks7jv.ysgd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ru49qh.54os.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qhqzw5.euhkh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-11op3pv.z873.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-11op3pv.z873.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-abmt8q.wpmkl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1xd443b.6sfp.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-fqzl55.2t2td.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-198cczp.g98m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ogb7ut.b76v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ru49qh.54os.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1sks7jv.ysgd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-nhkhe.h6c1fq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-vl8bx1.r0wpc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-15bbow.9tda5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-138tcdu.3dag.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1b9xumf.dok3.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1rccb5z.ow4h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-89hn6w.r0en.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-zpogxh.hyfo.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1jil0io.17gfj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1elnoce.ywsw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1kfyk4r.ardc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-hdctc8.biiqq.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11499074481781375390-416344391451633512-96947180-163455075187105981435583890"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-d7lnc2.agbi.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1djdj7e.fq7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1dsxdgd.twhl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-fqzl55.2t2td.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-198cczp.g98m.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1xd443b.6sfp.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-abmt8q.wpmkl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-138tcdu.3dag.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1b9xumf.dok3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1elnoce.ywsw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1jil0io.17gfj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-zpogxh.hyfo.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1rccb5z.ow4h.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-89hn6w.r0en.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-vl8bx1.r0wpc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ogb7ut.b76v.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-nhkhe.h6c1fq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18rttfm.bwzth.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ynn7j2.j8qb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1k6d8vk.lway.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1tswmns.g0jg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1djdj7e.fq7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1cgvbbo.vm1d.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1nt6hih.2i5g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-e9fq1h.jrzsr.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-lk96.ssgvu3p.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ssw8mu.s5ns.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-8nq4tq.fmpdq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5joyx7.jg8kd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ktybup.7oug.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1abqtis.ovmq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-15x1ptn.fgv2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ilv7fr.4hx8p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-zjkktg.ztgo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1cgvbbo.vm1d.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1xawgke.lk9b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-d7lnc2.agbi.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18rttfm.bwzth.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ynn7j2.j8qb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1k6d8vk.lway.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1mleyh.0l7z1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-8nq4tq.fmpdq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1nt6hih.2i5g.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-e9fq1h.jrzsr.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-lk96.ssgvu3p.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ssw8mu.s5ns.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5joyx7.jg8kd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ktybup.7oug.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1abqtis.ovmq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-15x1ptn.fgv2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1imn0j6.ygx3i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1tswmns.g0jg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1oulet1.vxcj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-6c5y4z.yv0gw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-buxejs.1twq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1xawgke.lk9b.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-zjkktg.ztgo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1297zwp.yay5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1e2ffx3.jfh1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ulr82w.qhfn9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-10u3iym.z1n3.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ff06gr.8on07.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1xgk3v7.1afu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1g7x2as.w8ay.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-186z25v.a5n2h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1yh6da3.wj5li.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ywi0ca.3s2wi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-6c5y4z.yv0gw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1imn0j6.ygx3i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1297zwp.yay5.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1e2ffx3.jfh1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1q22svt.rv47.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-gjlkqc.iqg3h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ywi0ca.3s2wi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1o10ku1.mn27.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-12vp7fk.ou0p.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pqy1w2.emomo.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1i6enfs.d79h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-14452xr.8eed.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-16j9f2u.8ca8j.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1luykdv.oy5mh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-r37ihd.u21za.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-15bbow.9tda5.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-hdctc8.biiqq.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ulr82w.qhfn9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-10u3iym.z1n3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1xgk3v7.1afu.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1g7x2as.w8ay.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-186z25v.a5n2h.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1q22svt.rv47.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1o10ku1.mn27.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-11xbjhw.2o8b.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ff06gr.8on07.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-tugdmu.8sv.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5aku75.bz58m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-h37qff.54mnh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1fzjsbw.qnp8f.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-x439b8.87sus.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-f8ytx2.zrz5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-129af0x.i8r5l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-koqjn0.7729.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-194j0sk.lz7t.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-6n65ts.qewys.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1512pu6.3m9v.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1dnu3xq.n6lhk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-t950up.lrce.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-wvr5uj.4ofa.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-d4s684.ni44s.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-rwyxvl.1mfu8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1cuw7w8.qfum.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-13z9zey.8cmm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-195vapy.jccf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-iy5alq.70c79.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-19j1sau.6wpc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ujta8w.26q1h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1yh6da3.wj5li.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1oulet1.vxcj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1mleyh.0l7z1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-sgz2or.mzx4l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-csr1an.sq5t9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-e5wrnc.djkib.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1qzeqdc.nk2x.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1aj677z.jqii.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-gjlkqc.iqg3h.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pqy1w2.emomo.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-r37ihd.u21za.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1luykdv.oy5mh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-16j9f2u.8ca8j.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-14452xr.8eed.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-12vp7fk.ou0p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1r6xkp9.y32.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-tugdmu.8sv.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1i6enfs.d79h.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-11xbjhw.2o8b.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1trpnpv.z6s8i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-llaah3.71tf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1aj677z.jqii.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1r6xkp9.y32.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-sgz2or.mzx4l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1e3egix.n72.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-h37qff.54mnh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1fzjsbw.qnp8f.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-x439b8.87sus.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-f8ytx2.zrz5.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-129af0x.i8r5l.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-koqjn0.7729.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-194j0sk.lz7t.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-6n65ts.qewys.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1512pu6.3m9v.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1dnu3xq.n6lhk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-t950up.lrce.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-wvr5uj.4ofa.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-d4s684.ni44s.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-rwyxvl.1mfu8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1cuw7w8.qfum.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-13z9zey.8cmm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-195vapy.jccf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-iy5alq.70c79.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-19j1sau.6wpc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ujta8w.26q1h.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-csr1an.sq5t9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-e5wrnc.djkib.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1qzeqdc.nk2x.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-5aku75.bz58m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-imhoc5.j78qf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-g0c3od.aso3c.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qg5ob0.zy6gj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ryledh.amhea.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-mkqeom.kwb1a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ye8wwt.v1t1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1qqjuz6.fo3g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1trpnpv.z6s8i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-llaah3.71tf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-c9d4ks.jg5jg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-e68sfv.azzgf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-b4yiy7.8tvvv.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-9og8dw.n9paw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pg7a1v.zq9h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ux1gk1.x71n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1dsxdgd.twhl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ahavxb.n0wd8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1kfyk4r.ardc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-i68iek.6qw8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ohreke.hqpef.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ye8wwt.v1t1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1e3egix.n72.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1qqjuz6.fo3g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1phgyoe.roht.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-136hd7a.bd2s.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1mys0eh.bp0h.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-yonqyy.dn3a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-c9d4ks.jg5jg.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-b4yiy7.8tvvv.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-imhoc5.j78qf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-g0c3od.aso3c.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-mkqeom.kwb1a.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ryledh.amhea.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qg5ob0.zy6gj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-9og8dw.n9paw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-e68sfv.azzgf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-puozxm.bm2hi.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-v3b99d.a1m2.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1okk8vj.v8o7.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1vfpbqr.kf1q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1vj3elx.a7oj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18j7rr6.toa.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1wb9jd8.ocav.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-58zz49.qr21c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-yonqyy.dn3a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-vskbhp.kt9pn.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-4gkxk1.usqph.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1ohreke.hqpef.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1mtosj2.17tf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1u9gbpy.if6kl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1phgyoe.roht.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-j4z1ml.c4tk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-136hd7a.bd2s.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-puozxm.bm2hi.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1vfpbqr.kf1q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qyflav.40g4r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1mtosj2.17tf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-cm31g2.c4s39.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1vj3elx.a7oj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1okk8vj.v8o7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-v3b99d.a1m2.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-18j7rr6.toa.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1wb9jd8.ocav.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-58zz49.qr21c.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-4gkxk1.usqph.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-i68iek.6qw8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1tv7ygz.dwwm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-yhcjnd.mmtu9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-au7ckt.f0kns.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1g1vy6a.mbui.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-99daik.obyjm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-130zqr1.v26f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1u9gbpy.if6kl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-qcp52f.3vbb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-yhcjnd.mmtu9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-pg7a1v.zq9h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-vv3fpe.1cven.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-cm31g2.c4s39.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1g1vy6a.mbui.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-99daik.obyjm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1tv7ygz.dwwm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3016-ahavxb.n0wd8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1wxipbd.io5yj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-yve9rj.69j7a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1adndqe.t6qt.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1sdcnil.f2is.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-rmisyt.62hg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-19idsn5.ttw5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-1owv6t5.8e9x.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3016-15ipsr9.d797i.jpg" "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | r2---sn-aigzrnse.gvt1.com | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
Files
\Users\Admin\AppData\Local\Temp\fa7c66fd-2151-4be6-a3f0-d966fc9fbf9a.tmp.node
| MD5 | e4c111d47eb54b62dab8cb12540b9e39 |
| SHA1 | 09be3e7d9eec1853dc628c8c3b90e7b670921029 |
| SHA256 | a05338fe1e0eb08230717ad2f3587a5c1cb4bd10a673c40a3059f70ae0e7e6b1 |
| SHA512 | f9ec1e62c08425382b48320d2fb1a7fa412dea84825cc49b0297d5c6cfdcb80f32c54de28ac59e7a4c7557ae9900a8d3860fc7d23e486bcc28e603787d9f0f79 |
\Users\Admin\AppData\Local\Temp\146a21ad-e4fd-4035-8bc3-4a3ae62548e0.tmp.node
| MD5 | f1e751eb4dbfa4a1b5f4903315fc535a |
| SHA1 | 85e1166819678f839954c473d7eb363a99e24a96 |
| SHA256 | b8c24de2fa870ceb677f30da0eabdf20745d0a9ebed98f49c52d881383c75096 |
| SHA512 | 2349745a84bc2b2f9c2b96999d48e37242a6c3627d7898cd9a36e682e36ec12553713db7167b3a9cd20ec308ce11d84f09f06beb3e971823d8b4a959f457b182 |
memory/2556-9-0x0000000000860000-0x0000000000861000-memory.dmp
memory/3016-26-0x0000000002BA0000-0x0000000002BA1000-memory.dmp
memory/2556-58-0x0000000077890000-0x0000000077891000-memory.dmp
\Users\Admin\AppData\Local\Temp\a832a330-833c-48da-b253-1de6e299942f.tmp.node
| MD5 | d4e6004197508892d18fc47645b25f62 |
| SHA1 | 1afceda2531e593c00de7ab994f928a150de5b4d |
| SHA256 | dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c |
| SHA512 | 0be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\CSC97AF6F7FB604EDDB2BEEDB1559220B5.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES2F1C.tmp
| MD5 | c7aa5b734a99b43303949a7f86951fcc |
| SHA1 | caf202429f092abdc85ed9272016a65df7e7b8a1 |
| SHA256 | 0d3786491e5eeae4357d716c0e2436d4a59e72f518378424b68f180534910bfc |
| SHA512 | 48f05fe8d65081ffc2cae1d6c194bc97b5380922ee4279011e3bac5f10d82a00439f4df719f4144e101790fccf881e4b14d5b7da1e90dd333fa6d8b4b373a209 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | a8f231dfe9c9636526ab7adf429ff6a1 |
| SHA1 | 4870aadfa037e229c2bde9828c1a12c961bf9074 |
| SHA256 | 7c96108f7a34e8fc539a5c676d755f7919862243eb77c211a72d7307d49409ca |
| SHA512 | e774ab0cc8dc3c0db87a6d32d55a273296821aecb5612bf24eca3dd80936c21c26eea6797a298be0aaf183456ddcb2e1e2d085718e4e64d53cf80fde7b55cb72 |
C:\Users\Admin\AppData\Local\Temp\RES2F0C.tmp
| MD5 | 037446d3e276bbc5ed546f5f835cd113 |
| SHA1 | 4bb75b4880f1cdd1b4392dcb802390acc216f208 |
| SHA256 | a9feb113736e3b514ee0addf2957f812be19470ecbb38ee8a159a12b946b26ea |
| SHA512 | 586fce0ec34fb72273e88633142f6ebda34f72c923732325647e2f34cc642ea0dfad16d385e0cc13e0c7c1e8126c4704456878ab1f0842214ead52a127a3cd43 |
memory/3752-370-0x0000000000070000-0x000000000007A000-memory.dmp
memory/3788-379-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024311-3016-1lei9fa.a1gv.jpg
| MD5 | dabdaa372e0a6350ea25255d7c45c4cf |
| SHA1 | d859d31924be44623a88285caaa2af0cca8d7e58 |
| SHA256 | 78d497f3e70e558b6d3e697577159dea83e61564b199738ca3ce1260b269f1d2 |
| SHA512 | f4f0fedbe3dc8d5a2b5dba21c48cbd883094d88ecf6a68a0982fe8a45c8dc1d52bfbd85289b3fc790267b5cb08749d405d1ad977d84b0c2a2f6c459a78fd35e3 |
memory/3892-404-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/4000-403-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3752-405-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/4072-429-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/1276-471-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/436-482-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/1592-495-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3124-499-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3156-504-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3172-513-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3424-519-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3124-528-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3788-538-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3256-543-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3172-549-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/3424-562-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/964-565-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/1944-591-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-598-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-593-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-608-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-610-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-600-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-584-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-581-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-580-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-578-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-571-0x00000000069C0000-0x00000000071C0000-memory.dmp
memory/3156-534-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/1592-516-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/964-508-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/1944-669-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-666-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/3956-629-0x000007FEF32B0000-0x000007FEF3C9C000-memory.dmp
memory/1944-683-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-685-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-881-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-889-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-887-0x00000000065C0000-0x00000000069C0000-memory.dmp
memory/1944-884-0x00000000065C0000-0x00000000069C0000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win10v2004-20240226-en
Max time kernel
128s
Max time network
204s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.192.11.51.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240319-en
Max time kernel
118s
Max time network
129s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 224
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
121s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
170s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
5s
Max time network
155s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe"
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe" --type=gpu-process --field-trial-handle=1584,10807445711293924242,15207587896280415050,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,10807445711293924242,15207587896280415050,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=2084 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --app-path="C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1584,10807445711293924242,15207587896280415050,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2464 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM msedge.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1584,10807445711293924242,15207587896280415050,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=3044 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x2d0
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n3pfob.6g3h.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-k3trds.ppbhd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11l5gz9.111wk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-r9p8bf.jv2wg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1imo5d.kc3a4.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9F0F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC52F057F080F54BD39413C26D5F34978.TMP"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1va7bqj.igxm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-hamikz.nep5e.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1w3uhdf.q6lu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-8l7a24.oqll.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ghdx9q.a6tk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ndch65.ccbi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n3pfob.6g3h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1wzm78h.ypdm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-14blmrd.4bio.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-m6wojx.3syel.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1luzspp.9e0m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-wuy85v.8g2fo.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-njhbl1.h7qbh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-dv1ctj.i3xg5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t6bt3t.35n0i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1xcqmo3.b4m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1i06jz9.vx3f.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1hz81ro.q98u.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n5iiln.70d8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-r9p8bf.jv2wg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1gbig5z.cd7v.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1pd19wq.1siu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-ctqd9c.47hnu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-cm1k1p.tvxib.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pwwwjh.be5d.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1imo5d.kc3a4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1qiiw4j.qugz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-k3trds.ppbhd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1p9qkea.y1z1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11l5gz9.111wk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1dz4qmq.m4xu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-15wv9uu.40rm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1t130r7.leku.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1aykeqx.v3kci.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1b2sul2.lbgl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-rjsn2g.qh7gj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1hlkuu0.leuzl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-iscn2c.n0flc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1sfgwd2.cymt.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-flqotk.hy67.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1tlfk3d.rbj2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1va7bqj.igxm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-hs1ag9.k19gp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-hamikz.nep5e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1s56suv.o8kd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ehtfdy.iode.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pyt1r3.k37zk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-unw4cu.tlp5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1715cup.0zcn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1w3uhdf.q6lu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-bkvt89.bm91.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ei0utm.c4ba.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1k86iej.6vpb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-qx22ik.b58p.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t7nkau.v7r08.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ss2ocj.eivd.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-ygnuux.1csfb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ghdx9q.a6tk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-8l7a24.oqll.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-tcgsu2.29m1.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-bn66bd.1q73q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1h968zk.qdy3.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1mqxswc.9mpi.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16aavhl.e4yj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ndch65.ccbi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1iltjj3.4nlql.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-zmmu2i.j0cq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1wzm78h.ypdm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1xe1gfy.ehf9.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1jvyc87.58ab.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-14blmrd.4bio.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-bqbos3.hazlu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1qbejns.gwk5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-m6wojx.3syel.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1luzspp.9e0m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-12sh20z.8i49.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-wuy85v.8g2fo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16dk6p4.s0qm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-njhbl1.h7qbh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1sjzy0o.qex5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-xmcxsj.hzgc.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ghctay.a2nm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-dv1ctj.i3xg5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-vb8416.nmgmc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t6bt3t.35n0i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-18nai1n.6g1n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1xcqmo3.b4m.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1hz81ro.q98u.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-sj9ram.szjkl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6qhynx.xvb8p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1i06jz9.vx3f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-4azftv.5wuab.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n5iiln.70d8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1gbig5z.cd7v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1epo20z.1z4.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1mamdav.p0t2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1pd19wq.1siu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-19fe8wf.snw1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-ctqd9c.47hnu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-65qhn4.5aujs.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pkw2qc.ggn3.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-q5vfop.kgipe.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16yf8z6.c7hef.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11j89e0.q4fp.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1bv84f7.5jz7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-cm1k1p.tvxib.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6jfvjt.mr3xb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pwwwjh.be5d.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1qiiw4j.qugz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ko7mr3.o9asj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11ky94q.97cr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1p9qkea.y1z1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-15wv9uu.40rm.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1dz4qmq.m4xu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-fnynl3.k2bf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1t130r7.leku.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11zu3xs.xl7q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1lg6l8g.2e81.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1aykeqx.v3kci.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1hihatr.98h5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t1qe33.r1p1o.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-usdsi6.7regf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-rjsn2g.qh7gj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1hlkuu0.leuzl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-l995ee.pl3ee.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1sfgwd2.cymt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1k3yipo.dbimj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-yc7kos.zdan.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-iscn2c.n0flc.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1b2sul2.lbgl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1qtly20.4tgx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-h3nart.2voir.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-f5mehf.ohqk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1o2t6eg.grkk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1tlfk3d.rbj2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-twhhjg.q1d3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-hs1ag9.k19gp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1k5c3cj.8wldf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pq0qv.32foml.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t86e6c.79gb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n98ol9.o1ph.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1s56suv.o8kd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-112amwj.n5w4j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ehtfdy.iode.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-flqotk.hy67.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-18vz8pw.j28j.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1jbbikn.298zk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-oqlwn4.f6mwn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pyt1r3.k37zk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-122nar3.kxv7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1k86iej.6vpb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-bkvt89.bm91.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1715cup.0zcn.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-unw4cu.tlp5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-jq98vj.2txne.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ei0utm.c4ba.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-15q201d.ix65.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1peks9l.f54r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ss2ocj.eivd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-qx22ik.b58p.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t7nkau.v7r08.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1rwc02j.sjxqk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1axrehx.d8i2.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-ygnuux.1csfb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1mqxswc.9mpi.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-bn66bd.1q73q.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-tcgsu2.29m1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-kpm1vw.jb52i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6ltgx5.i9j8c.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1iltjj3.4nlql.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-12jpvow.25bjf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1r81f5q.zlrh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16aavhl.e4yj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1oz6aue.w2o1f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-zmmu2i.j0cq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-wpk5ng.yvsa.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-joq6z6.nk3bp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1h968zk.qdy3.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1jvyc87.58ab.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1daim86.fccx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-161m1mq.q8ge.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16dk6p4.s0qm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-70rpmn.r9ih4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1qbejns.gwk5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1jikcy6.nf71.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-opzuoh.isdk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1sjzy0o.qex5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-mvbn9j.r2bc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-bqbos3.hazlu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-xfqr54.xpyra.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1xe1gfy.ehf9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-xmcxsj.hzgc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-uhzfyn.0ncrr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-18nai1n.6g1n.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6qhynx.xvb8p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-buke4g.pk24.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-sj9ram.szjkl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-12sh20z.8i49.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-19fe8wf.snw1.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-4azftv.5wuab.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1mamdav.p0t2.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ulhenj.q0vy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-q5vfop.kgipe.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ghctay.a2nm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6szts5.f7p3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1ko7mr3.o9asj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1bv84f7.5jz7.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-vb8416.nmgmc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1fvrkbp.zmh3f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-fnynl3.k2bf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-13jopju.zetf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1lg6l8g.2e81.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1hihatr.98h5.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11zu3xs.xl7q.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-usdsi6.7regf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t1qe33.r1p1o.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1qtly20.4tgx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-v39zt5.xc82e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-l995ee.pl3ee.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1epo20z.1z4.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-yc7kos.zdan.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1o2t6eg.grkk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-h3nart.2voir.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1k3yipo.dbimj.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-f5mehf.ohqk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-65qhn4.5aujs.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pkw2qc.ggn3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1v9cc9m.rp4xk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t86e6c.79gb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-18vz8pw.j28j.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16yf8z6.c7hef.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-112amwj.n5w4j.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11j89e0.q4fp.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-oqlwn4.f6mwn.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6jfvjt.mr3xb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-11ky94q.97cr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1fw5d9v.ry37f.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-15q201d.ix65.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1gzzm5p.uqil.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-kpm1vw.jb52i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1axrehx.d8i2.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1peks9l.f54r.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1rwc02j.sjxqk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6ltgx5.i9j8c.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-12jpvow.25bjf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1oz6aue.w2o1f.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1r81f5q.zlrh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-wpk5ng.yvsa.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-joq6z6.nk3bp.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pq0qv.32foml.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1k5c3cj.8wldf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-161m1mq.q8ge.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n98ol9.o1ph.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-opzuoh.isdk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1jikcy6.nf71.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-uhzfyn.0ncrr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-50nx9p.5cwus.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1fvrkbp.zmh3f.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-13jopju.zetf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1v9cc9m.rp4xk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-v39zt5.xc82e.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pbvh7x.qvlf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6sq36s.pyf52.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-50nx9p.5cwus.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-i116vb.dmj9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-6sq36s.pyf52.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-i116vb.dmj9.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-pbvh7x.qvlf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16z9v9i.8430k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-16z9v9i.8430k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-dsicwo.bpfk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-dsicwo.bpfk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-13xsswa.9qeq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-13xsswa.9qeq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-13rafkz.3xy3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-13rafkz.3xy3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t9betw.k999.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-t9betw.k999.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-9vzjbg.7j0dr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-9vzjbg.7j0dr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1w786tb.7xx7j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1w786tb.7xx7j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1pq7dw1.6n76g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1pq7dw1.6n76g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-k20xc8.z3w7h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-k20xc8.z3w7h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1gpjhw8.k5nq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-1gpjhw8.k5nq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-155rs90.szxf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-155rs90.szxf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-3148-neoph8.wbopt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-3148-neoph8.wbopt.jpg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 119.176.67.172.in-addr.arpa | udp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 54.40.21.104.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.4.4:443 | tcp | |
| US | 8.8.4.4:443 | tcp | |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | 50.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\chrome_100_percent.pak
| MD5 | 4f7cf265db503b21845d2df4dc903022 |
| SHA1 | 970b35882db6670c81bd745bdeed11f011c609da |
| SHA256 | c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16 |
| SHA512 | 5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\chrome_200_percent.pak
| MD5 | 6a7a9dee6b4d47317b4478dba3b2076c |
| SHA1 | e9167673a3d25ad37e2d83e04af92bfda48f0c86 |
| SHA256 | b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9 |
| SHA512 | 67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\ffmpeg.dll
| MD5 | 7977f3720aa86e0ec2ad2de44ad42004 |
| SHA1 | 04a4ef5ccd72aa5d050cc606a7597a3b388c6400 |
| SHA256 | 61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e |
| SHA512 | 8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\Ghostbane.exe
| MD5 | 5abad6a792f99a272e7606aefe2ffc05 |
| SHA1 | 5ec68b154c3ba8ee9e12cf9d27d8ef9fde6ccd28 |
| SHA256 | 7a9ad5a6e6b9878c79d62db40f9a00d70771ff811258286d07d7d3dbdab6659d |
| SHA512 | d45ddd4ab898d7eee062660af939aa2ce4ee5b7caf51d962e53160cbaacc0f93a70094c4d679238bd2c4e07836d824456b81ea1f286c77925fb0ff8956f15a40 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\icudtl.dat
| MD5 | 2e7d2f6c3eed51f5eca878a466a1ab4e |
| SHA1 | 759bd98d218d7e392819107fab2a8fd1cfc63ddf |
| SHA256 | b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa |
| SHA512 | 0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\libEGL.dll
| MD5 | 7b77074945dfe5cf0b1c5a3748058d57 |
| SHA1 | fdea507ac2be491b8ad24ddc1030ea9980c94c0d |
| SHA256 | 994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56 |
| SHA512 | d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\libGLESv2.dll
| MD5 | 8c93e19281992a00993fc0f09e272917 |
| SHA1 | 3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7 |
| SHA256 | 1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703 |
| SHA512 | c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\LICENSES.chromium.html
| MD5 | 4247afa6679602da138e41886bcf27da |
| SHA1 | 3bb8c83dc9d5592119675e67595b294211ddbf6e |
| SHA256 | bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4 |
| SHA512 | ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\snapshot_blob.bin
| MD5 | c497639990ef3d4435fd721e8e855c9a |
| SHA1 | 85e7df364daab70730c756b8e24e81965d5a2255 |
| SHA256 | 5e15a82831965e521bee172e6878806bba51d410d1fdf1b4eb01385d1954502b |
| SHA512 | 63f2514d585dd7d3b988f0aaeed8106a06b67629eb54f2152e8b4a24276d9f56fc4650c8770d0ab44b4c57ca458856a0cce5f26f6226a56a807b38ce5615ead3 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\vk_swiftshader.dll
| MD5 | 77f7b4f46cb3e06b53729fd1e562dfef |
| SHA1 | 223c09805220ff2b5c1dcbdd5c0396231ea34f11 |
| SHA256 | a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5 |
| SHA512 | 6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a718c9b6e5e6563e23e450a0d01b932a |
| SHA1 | 95ccb1228f024f037259e759dbac464f3c27b8cf |
| SHA256 | 315f5ed966a1f3a89c94d1b78b9bf70e59a2869601cf6551b2c1fd3e3b008447 |
| SHA512 | b04512e95ab3997bc7d5c65e2f526e124bf1895b139eb2b6c6c7b4a4aa381cd408eb2bba01f44b09b1936d24752baae288f24a32ed84687d3e7e0681b5387d01 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\resources.pak
| MD5 | 99c5bf0dcd43f961aa3e177f7dc42d42 |
| SHA1 | 5618abd2e7b45c50400bb4aa0c455bb0b28bc472 |
| SHA256 | 75ff04d991c2a203105525a1ccb200a461717ce7b86ada4be092fe903d95cdc8 |
| SHA512 | 2e508c46eb266301f42ee6a7d63494f3856b422df61d0b605096bf4fc4943239d3fba15161adf8cb1cdcfd3bea8608102a0abce636999cc2a9e01bda51cc77ae |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\vulkan-1.dll
| MD5 | 25afbdf6701013c57b19b92225920915 |
| SHA1 | 009300dd4ab3b81794388ce7d126ae90ff97535f |
| SHA256 | 22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c |
| SHA512 | 575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ca.pak
| MD5 | 53e3fb38f84f60b98d23b337e4f03f92 |
| SHA1 | 42e435837dd36872d2a413518a299cd293ff8536 |
| SHA256 | b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a |
| SHA512 | 98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\bn.pak
| MD5 | ee25e9cf28fdd35846d8a9b3c4220eed |
| SHA1 | 702342cc207ced1bb585195abcf263cbc4ea0069 |
| SHA256 | 9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9 |
| SHA512 | 2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\bg.pak
| MD5 | 5ed6adc6158f554e71bdac7dc9731b16 |
| SHA1 | 394c8396c566d2b92cef881c332624be812115fa |
| SHA256 | 0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726 |
| SHA512 | 796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ar.pak
| MD5 | 3a8a7a08fedb148ebee6d3300356e37a |
| SHA1 | 2e9ac1ea8b6396b909f823486538d5640ddcaa1a |
| SHA256 | 43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78 |
| SHA512 | 7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\am.pak
| MD5 | ebe0e7e0c78fac281a3f0196da22cee9 |
| SHA1 | 689864d898905d43b8a70bdf37c5b339daaf48eb |
| SHA256 | 08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d |
| SHA512 | 89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\cs.pak
| MD5 | f125738776a9fb8dbf25311fa3dadbcf |
| SHA1 | 3448b58d4810e69f5c1eca4e1484308c3ceff502 |
| SHA256 | 5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4 |
| SHA512 | ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\en-US.pak
| MD5 | 0dcd84e9e50a3e0819d5875ea889ced4 |
| SHA1 | 7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e |
| SHA256 | 699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007 |
| SHA512 | 153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\en-GB.pak
| MD5 | 074d3dd44706502de7c33e791794b23a |
| SHA1 | 564a73ffad9232052c692eb94f560d6b17227c47 |
| SHA256 | 9c3954a5ca2cf126370a1152e9281f41a7ca97c69293f556a2c79ea6729324ae |
| SHA512 | 6e1296d04b16534274fa438643ecee6e37d17ed935623f73d5a8f3510a194e0efda9ca60fac8d51d25763c4818050e23c306f9ee18284b8600610d14f7768d98 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\el.pak
| MD5 | db449f218a705453eb10b5f418e28d7b |
| SHA1 | 7bc8fcc59c532bb086a7f081cd8d275a89dac835 |
| SHA256 | 73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193 |
| SHA512 | 7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\de.pak
| MD5 | fceb00caf7e76e688007665feae99e83 |
| SHA1 | 06fece84cf7028b3871f144258b8d084faf8745b |
| SHA256 | 80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c |
| SHA512 | 08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\da.pak
| MD5 | 22134b12d90fdc00f23a1e0a6fb04eec |
| SHA1 | 17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa |
| SHA256 | 62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94 |
| SHA512 | 9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\es.pak
| MD5 | 39288ea031009bb9db582cbd93c7d534 |
| SHA1 | 467f76d33e39526a4d8cb6068eaf8e2791b3a9ee |
| SHA256 | 6cd39669df96b4b5b9047f7689338d3beb9ad7f8be2fddc595ef1ecbc47481c2 |
| SHA512 | 4a635e969cf2b09aab5f8723a3380c5e226bf0546019506d18de65c1e4a599d268b9ee2e03a65b245075f899a09697b7b535f1055c19344a411100c8f29d93b2 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\et.pak
| MD5 | fcdea2954549e5d8f1e7a5de36ae4f74 |
| SHA1 | 41dcdcefbbab3e0e908d98ec9b6bac7eacecbb99 |
| SHA256 | d875bca2e8800657306727902f4f5fceec7415ea530bfa780ece0f016f792569 |
| SHA512 | 37ea008078083a36b07b1f5d0ca6e16f62b06a19266d8042efc796bf33c53200f37d3a37f5b48d024dbfab9e6689ec9c3f22d6e37e3898fa7deb61ace1fb2df3 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\es-419.pak
| MD5 | cadd9ec43e823609c4bbdc418da6009a |
| SHA1 | 91bdd44d5972a4763227ee7c127fe122aefe195f |
| SHA256 | 6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c |
| SHA512 | 2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\fa.pak
| MD5 | e3f56d4b0fa2878ed6847631d3b05dea |
| SHA1 | 627f48d5423afcb3cade0789f058d60867419041 |
| SHA256 | 2ee67a38cce9ffae1a639be17c0ef7ed7c763d9c15c9621f300bf634e1f25a64 |
| SHA512 | e29c28717f31dc57c2294857680a439acec25478913ea425b0c7b6e50f3343b21fb7983c15352f9e3c001ffa0c8e500d92a1924acde32a4b5bf3f5b6c60c4142 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\fi.pak
| MD5 | 4f323a2eb73ccd029e742cee4dfa9769 |
| SHA1 | b860372d21cc55eb7ddbbf9f5bac61fed39426de |
| SHA256 | e1888472c8e1330e70e514d0a1936749a7e5d39f67e7edc818661c2cbf3e301a |
| SHA512 | d07d0f74736cd32d73b3a33867e65a25b727b5c30cb743162908e23d958fb3ae97285f600a9ef8196e61be9d450da5903d1e468fceb3b05ced93aa600387fddb |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\he.pak
| MD5 | 6010987755f300c7984dd3f72f518ab2 |
| SHA1 | eb85f0849a86aa5fb585efaa070d2d7300b197a3 |
| SHA256 | 1c84a575e28e9a72335ed13409d6861995bd9859fd57a4d9509fe912db4a56a9 |
| SHA512 | 4b77f74d986c16524a3a6c7f60cdbe53ac5be59418737835a7fa186e4b6ee853cce8317cce352fe4064c75a7d27bf1303d76eabc53993ff1e4b7758a8ccc6228 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\gu.pak
| MD5 | 57cf11b4352e59f11b20b7ab754af031 |
| SHA1 | ca1716d419f175a2dd548929fd551dcbd1ef4bd7 |
| SHA256 | 55588f211c26e1deb47b04d39728ec051b99334c55d30252b94df57d0fba2f52 |
| SHA512 | c74360769323b3267aa218e994f49c7e135d4f320365a349a5362c1755c4b660050a070bec6c5446d4620be97a341270b6c01289db20ddf5199ece23117110a4 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\fr.pak
| MD5 | e609419893f1d885a2f17f94805a441c |
| SHA1 | 31083ac114fa4077a7da7c796ab3744873fb893f |
| SHA256 | 8d71c36d04f2d6062458aa2614f7ce223b2ee9b4665556803f764f384b191091 |
| SHA512 | 77f965f436a009a5aacebed3cc15adde5a1054e1c699b8a50b947a7e78a97cf43317d50b0ab7a42532c77d320b7393007e47199f31c58f7acb6f462f98fdd4c4 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\fil.pak
| MD5 | 693abd21a6855aeaa31f6c738c6b6fc9 |
| SHA1 | bb1fa375a9f0c682d9913b1c1610535eb2b4028d |
| SHA256 | f0bb231c710c025ad4643e2128867de6e111da867384082e7dc2d0769976b6ce |
| SHA512 | 03c68c45e3144a73251d950a8c7695e5b9c2c66711134016543ac07ee6eded723324d5312fad4624d35d0bfe9861ca4b7440d2445e6d3d6cff4a1a3cd5263c98 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\it.pak
| MD5 | a2b9cce245e754258ea187ceb3aa2670 |
| SHA1 | 50f84fbcabea10385714a3c3a2483247ac040c02 |
| SHA256 | b72f89e5d2cacbd2db7ce28ceae35faab8c4199ec993fea64e8c78df882032d0 |
| SHA512 | 5e9cca2605d4a86d4f2b39845c8396c37f88b6f1d08c8f0e2b6f0896d60754331a588d0c0fc59e9ad8fccf0d50100a2307fff2d9df784f91537b1d9e108727ad |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\kn.pak
| MD5 | 90107e2353e707a6d071c9aabb5adefa |
| SHA1 | e4dfe445ca7830b3a56af38af1d73e3cb94abc73 |
| SHA256 | 9155b06ccaefbea6461f5c51e25ce25d85ca7bd557e76dae00a4d6a09a4bc424 |
| SHA512 | dead3b94638afbf4ef27e1cb5283ad2d0af73ab8996e7d2e8202ad174796121799992f577c974fc0ec53fe2b8f6fb4d37c3bef70b72c29b5b721377a0cf3b093 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ja.pak
| MD5 | e720738027460b044429705f7ea1d25c |
| SHA1 | 851b59efad4ae074849fe41f40a56c5534caaf72 |
| SHA256 | c78fde77efbca1b3cc0cd12bda718d1a113bf6b6f3ed558b5c9a452dc974edfa |
| SHA512 | 08b0fd0ceff7ddfed26985bf84b54d75cead1f6fd4d5971da9e40996af6dc5fe9455c402f62e758020a6ccdb1ee0213cc2a5ddfa28a2bfb1e8064c6a4401c3a2 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\id.pak
| MD5 | b5e4e0092bd1063e8bd68d0b539ab005 |
| SHA1 | 5e3d12a6fb497687df81ed64de17b0502ea84f2a |
| SHA256 | 8d7ef1377d39fb6045c9d4b1bb064c329bd789ee33b6de530c187f1e713dd7f0 |
| SHA512 | 52b535a143bc13a03804cfda2d3f2f81f036b8d24897d1ef4a657ed290ba14e43d7cfe92c868cdef6b093b09b90119f7e50e8496eaf347c8e4fdfc13c5e306a2 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\hu.pak
| MD5 | ae13d7ddfeb82df9950c71a4ea0bd10f |
| SHA1 | 7b55315628060668f444b110031b1fc4715bda11 |
| SHA256 | 17758e2bc746f6d770fca8969ed0aa2d00658d68792d2e8bae94d7b58665d83f |
| SHA512 | f94247fecc4fda5bdbe9732f151cdffed337eee01f59aaab6e6452c570a549dfb87c0528484c1879a04af134ac883a21043c582d0a642e185e4e64e3aff830be |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\hr.pak
| MD5 | feea1754a955eb61cd41763be4e5ae2e |
| SHA1 | bb6252fec9ada8bf9ed7b81f59843d5abfcac80d |
| SHA256 | 787680ecb5d5ece246894481834b30145919c22b04d2dcad2f6ea2b2254abafb |
| SHA512 | 3d24c9ccb83f6ecf976df5cf00fdb0b46d53f09c1cb08ab68bb8d9944452785f40a761a152605708d7672f7dcb24e0b7cad1cfc14b267bf5fc1393cfd05ae4d0 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\hi.pak
| MD5 | 34bcb12c154075510d9d3066ad4a8d1f |
| SHA1 | 6a3c062221db4f391f8505892f584647b05a410a |
| SHA256 | 83c6c411d75ec5c5de6984b21fdecb07c9b926c66b67c5c99380605f6fdd8928 |
| SHA512 | aba38e4a8039bbdc46b510a8370c82d3b199b4a02da7751c162c941e6d893a9cdfc0ce92db4144ecc2b2644d58b0bc6cc7cceb0533c62c131cc55be0258c3a7f |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\lt.pak
| MD5 | 02e9c88d9d5e58d135c9a92effcce38d |
| SHA1 | 92421a5fac68d506fa904075ea7cf39a3da8efc3 |
| SHA256 | 38ad40532287da53fcdb6076b9cdb841bbb4f30162681707295bcab448149e65 |
| SHA512 | f0897d62e81eb6e2c56cf1a5b5ad5124521c345f70cab841071c7b70b16130984700d694a32dfa010460244d8b520ba1b217ffd76f75c074b5b3a9ccda26b02b |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ko.pak
| MD5 | f21c6033fa73bc7d3358c2467c9048d2 |
| SHA1 | 939f209f00e6664294872e0dc3b33a9015a2f1fb |
| SHA256 | d19cfa8ae07f23b81c0d40d7e751628844fc1aafb83d4bb4dcbe71caecf6ea2e |
| SHA512 | a4a4909ca56d3d924639cf1adab6d9ee512132c99c8e3dd37f2b949a1c816ab29ce81c01c658022e680344516201fdb0440abb97e577e6946e2731411674566d |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ms.pak
| MD5 | 0bb952597b170dd4dd76e9d9d546ac3d |
| SHA1 | 101aafdf6a4ac0cdba7bd88538e7ac395e715e3e |
| SHA256 | f6721ce0d4d601ffeff011d652a9bf2518386cd8c1d2317763e37512451534ff |
| SHA512 | 46c9b63273d6ea30ee63ff230d6b5600018ae54032e04a6707f5873ebd383d0d59645f8d0b44b8ce9a4d40d5acd3453b618b9c4fd3c1b958adb5aefba3465464 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\mr.pak
| MD5 | fd3452d812a6129b8b6db620423adca0 |
| SHA1 | 9bfe47a0e9f1843c90875f28d8873d592098024c |
| SHA256 | c9704a3e528092ef676be4a653cb14b906e7c32424d59c8e4f22981014bd9111 |
| SHA512 | 7ec30343e985f7bdc6a64fc13d50bfe58ae098b03e18afeaeb4c89073059698cdf40477f2323a52c5e8f07f37b28608c54734501d14ad6ae0c9a0f2f4ab0e689 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ml.pak
| MD5 | 21aee42070f9eace2a8e14759526f05f |
| SHA1 | fedd83251a3fdb1846bf0e7e49a3a78cd77fae02 |
| SHA256 | 393d2dcd5c7c33945626fcf10ea4457649fa7b4c100c039898385133c26395cc |
| SHA512 | 60cc85a5a638d370710680bd39a6946d04660a0856bde49190fbc0002acf91617cfc3f3087a37cf592c047550ed2c5b73c2a769fbdffcacf4ad3ffa129c929e3 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\lv.pak
| MD5 | 7313fab584b7561b1fa63de07b972118 |
| SHA1 | 3a44d445f57a78867d37638a80ab39add3fcaa4a |
| SHA256 | 7b92238240c31c197029d41fdffc244f68caeb8002854f65ee3125bd95643598 |
| SHA512 | 05b067847a63c0419298616278678ade6a4fec4008323121ace5a09e22f6dae409494474f5a88adc703833691a7d4810546d012d4311e176fe58812f166b8ae3 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ro.pak
| MD5 | 4d1ed9e347de9351454d11132c06e916 |
| SHA1 | e3734d17a579ac423ec5fdc5829a211c7b76e049 |
| SHA256 | 57dc80c76c535c645893c9d3b4d0c4779aaa877445383abec79e32cf02c41276 |
| SHA512 | bd3d0841678879a24eb6f2f15c27bcb64a5d7ad171debbb51e7601a3898b830b1985b365363a01d22967969d4d4ddf89a130a5a33ff6a94cef6410b0e89f1849 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\pt-PT.pak
| MD5 | e9f8bc9fd1e845551fe3bb63c9149726 |
| SHA1 | 0bfbe46e8ffd62493c019e890a30ebc666838796 |
| SHA256 | 50cadb4da4e61fc335d145374511c34e5a0e40f9c26363614cd907cc7942a777 |
| SHA512 | 1d3761caadc3ac750c0a89c64db472bcb0764fc1c4b1108a9443fa71633ec7fdd945120a6f05e76221d9c58103cc9865b4857877d57d60b623f92a0235ed15fb |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\pt-BR.pak
| MD5 | 3b70cbf1aa47436b78a5e8c7672ce775 |
| SHA1 | ff9f2820e5782f9eae0ea1d5ede61665fa62cc06 |
| SHA256 | 8b4a8a3b8741610c279283a6cb843cb274223f720edac1c73296340b02569fbe |
| SHA512 | 41e3b3264d8034edf9ee1ab696ca4612ee6ef4e8537b4598805362c4a250f81274425cfa2c9c62330fed73a683e6d3b2ff537b51d869d7da19c4422728da7c0a |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\pl.pak
| MD5 | 41fd7c76e30b333027e86e20a65283a8 |
| SHA1 | 81afebdfd62255d0b0ca508141dcd7b67982f4c1 |
| SHA256 | 5de95dc2236f896e66debfe2cc7553a5bfeaa7ffea2820fe1f2f67368af84f7e |
| SHA512 | c59132dc329ee72fa8e9e9c653da597b5fa40a6eb0a7988cf62b1bdaa646a9f09f504219bfbc5af394a12c9ab6050a39740460a3e5c3ed0946b556c33f608219 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\nl.pak
| MD5 | a17bff141aec095625d0420c7a609b08 |
| SHA1 | edf3746b20ff9e3bdbf09b195e7781da1f799a91 |
| SHA256 | 7482c28c2a42a94615118b6b8cc7d002415923ca104ef86a95a4ad05c8db36b9 |
| SHA512 | 903c50c39160e40920bdcce0dc337e83b03bba00481f82ebc8ac1cf6927ebfaa75b1f9791038a71632c5e79bf7331bbf7468cc626e303929801c08f54d092c8b |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\nb.pak
| MD5 | e5546ac3407546d6b786e24c7bc21ab1 |
| SHA1 | 7a9e44a525ae005d0b41020c403c4e1e49d237b7 |
| SHA256 | 751521cbf27777bc99f2039b987686f921cb27e02c959f6cbeb976799e45066e |
| SHA512 | becf51540db5a0893e6f44d588be98142bab5c2a0f37c0212348e3cf39da52def2fd104c039229b52767a9345890f5768ed897b4bde5c6feccd75036d8b4f363 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\sl.pak
| MD5 | cfb094955a5a8f655ce8a598d5a89706 |
| SHA1 | 181ace68b0c3be132ab73302ba7f7c8750f9adae |
| SHA256 | 15489195e92cf11354a9a02895aad2ba8f17aecb676dd77942054a4f3f0fd623 |
| SHA512 | a31e131663072c1192a4146321db5f0f457d27e14afc8ae40a92a4f255df4cd5302774534fed5247e145c73739a709dd5852af35750f35ecbab0fd4c1a612e2f |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\sk.pak
| MD5 | befec33f564454253ad90d6cc06ecf62 |
| SHA1 | 1fa0e082c89f9aa397551421a35b7dfc941f5250 |
| SHA256 | 9db30eeac7f1814158283affa0af6451c6f7966896cd6d6df8eab14a37e58c9f |
| SHA512 | a581faf67311eb8d81b481d1e3348f579745331f87523650a4fc35ddbe6d5033e726feab0ca3911ef76a21aceabc3e2122d16333d1b7840a933b5231a9e2d157 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ru.pak
| MD5 | fd441a4b72397f5d76915ebcdef45aa1 |
| SHA1 | 94a0ab5704e7303c6ef1c2ee5be0b6f4a52d146e |
| SHA256 | df41fb92e4d682d47b5adf942600b4f23c1aa5274b31b844cd4c4b6f0ec86a86 |
| SHA512 | 5fab517ec0141bb67b4b5ac868100b770fc0b7773b94f977af9205294da9305a2079327a4ece1ff1d9a3b3c805c8d8676c2b0505bf190d1c57c4ed0c14a1cfdb |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\te.pak
| MD5 | 93edec428bdaa1f84f5c9478f440997a |
| SHA1 | e03f6bd50b0e0d888f9dfbdc87c98ff567e6a91a |
| SHA256 | a499f50e452ca02ea476fab8954e7ff58d2ee0c6263b8a4657b6ebddeecd2520 |
| SHA512 | ae34e29f1e8d23dacca66036e355b12ebb1117ec6e5e99413c792a0dc8b772eb63578b2406730b014fb4ffe32b05dfd9fab8adcf38ab3f5b9bfd0cf054ed09f7 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\ta.pak
| MD5 | 8a1a245b43af1f174f262d8f53014d59 |
| SHA1 | 655045f5c71aa2589851a66d5387d4125bbce1ec |
| SHA256 | 85d8ef6fb5fdbd1d689aa6cdbbb768376b08b03ff39f7528a3804a3b4bd82af1 |
| SHA512 | d71b73fd2b5658acf5825f142130c49c278c801fd8beb5fb2039a3c209a1214a9cc00fb6896735fa4d020bc2279afca1577f35fb0a96a315631d46656d2055d3 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\sw.pak
| MD5 | 70510abd3079bf26caf327989e810216 |
| SHA1 | ea640cb8b3c63d71d9b3a0d377fef5540b04fe81 |
| SHA256 | a11017a3e0e7f48338d4515ec9e79c1764387232a0d9a05fecc4b594bff40091 |
| SHA512 | ecbc97397557e27e66536a97ddf78a744c104b258d40d6f31972e6e5c6615699dd24eb02144ae0d3d53764da0f83a06f561ba95bbf08da4bf4a548b0e7f8c052 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\sv.pak
| MD5 | 773fc8c89b093c40191fc233730188c1 |
| SHA1 | 28001794144bdb76f62044d57e2d52c8ae1635c6 |
| SHA256 | 6aab29795a36a0234c6d447fb1fdd9011da505c348b934346a27b6a2ddb92ff3 |
| SHA512 | f9bfd3e72955104b922c34352ec16d56939eea634b9abd549d4a3342dd72f8768c85bff59814e419aee6469f6521f4f71fcfe9b8a81c1824187ba818f6d6caac |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\sr.pak
| MD5 | f4041623ce5e06d2dea58d532edb120a |
| SHA1 | 2d7ee3ef60b39e3508427c7bc12e046d7bf5e928 |
| SHA256 | f2f80d7325d259811afea1e7648c42d3ef3eebfeddaec27ee2817f4e68ab541b |
| SHA512 | 18691f4cee3eeaa2305d1c978d803fdf757d9c4e87e88e36d7b1fff482cfddd820568b39a1108065f61dd2cf10d7219c27813aad4d64e71695ab91084ec3c694 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\zh-TW.pak
| MD5 | 03ade5ba27cd3ae9bab6ab3a5cb721c2 |
| SHA1 | a747311a5f6c2e0e535efd52bc96f3c4d12d5c3f |
| SHA256 | 0c4abf7a66026068cd4f458d504cb04f3e04cf9fae45419ddc2d592f24899a2a |
| SHA512 | 33e122328773039595248a85dc0940841a1e273957ec9a4e175871b3ada48008b608ca6569b495275abb8e2a8844ee0c4d90b48af915a3f5a6aa44f3c37e51f3 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\zh-CN.pak
| MD5 | 20b6d54de42cf9c56f0a85fdc27d82e8 |
| SHA1 | cecb82b4afe8544876f443fcf578453358ab59a8 |
| SHA256 | 4140caf95939f116993ecd8bc5f7681991f96735d2397c9c7b4c66e3013eed24 |
| SHA512 | 646af407dfb85863f4555961f37f706c18b5c1e68b3111eda9f9b531ba2bb60cf67211ad634037b872156f0ddd04d50d68c49173a27a78ce59f75cbc2bb6c3bf |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\vi.pak
| MD5 | 98cb45f0555aee1985710196db17d72e |
| SHA1 | 1362238c253bc2a0e50c8dde6c95deb027fd6348 |
| SHA256 | 39a130557fea33a9c899f347fa3ed455e58bd51acc0b3b4586f76694b0f34646 |
| SHA512 | 93125310ade0c7029f0406aab291c35d2b7d1941f85bfd3d6071f85ff347c46e793a5ef164c08ebfcba252269a4aa84bf7a3b8779a36ee2f3da303411becc27d |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\uk.pak
| MD5 | 33f02db055c3f91148feee375acabfb7 |
| SHA1 | ca1dc284f41bc55cf35f94a4039008df9970d411 |
| SHA256 | 1968e9ed7722089330e7a8ae2c08f241aa106ed2be8948461439e6a92c330688 |
| SHA512 | ad16973e4103ced979276c6de175eb600241491ec9c441168e6375f68f8867d3f0eba422dd0ef6404208564015119f1e5e2500d5cf4ff2d8da45d713ed8c251d |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\tr.pak
| MD5 | 4e7c047364c7c4809242741b98b28092 |
| SHA1 | 4ff1b303476cb75d8190568c346e8cc2e452da14 |
| SHA256 | 6a25be43b786ab853f8081c53012be623543830cce5ccd246ec040d98f22b852 |
| SHA512 | 4624cec04114c15a72a804fa4966fe61303effe97039337273ed0dc99e8a6a685ca5cf5fa901a84c8b219d443f1a89e6e7cbe09eb21e7ecff662301067a6cefb |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\locales\th.pak
| MD5 | 96212a5191b7062d1620388acf1d09cd |
| SHA1 | d3616b6c4649dcfa347df0473e64219ccd63e63a |
| SHA256 | fa5f97bf433df481a6257fa39ef8dcc7961c5d5a83008b02c9773836d7bfc96c |
| SHA512 | 5192c36317c3a50696796c7286f77b1a02b7a0f83abb16ff7d47ec94281b85ee2fb29b9ddff7c4ad8b28a2a757772bd2bc726b10c19658ab672966679d391508 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\resources\app.asar
| MD5 | 45521cfdc0f0979a1fde10a1bf163b64 |
| SHA1 | 4f736d4fc78020a8a8df6fba1de46c95ea0c50be |
| SHA256 | b2c42f78307d22cede05b010e4cffaaa70e9ee469c8279a3399a6f497d8cde24 |
| SHA512 | d8fe5278fadd3610cd379c352c2dfd6f16f01f3e3512c364dbebc8c9fddbc933203a5e424df65f6678243f8796bc0c5b509f1c648a11989c740a5dfbb52baf31 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 1e401ccda5b723ab8a595a54f7d2531c |
| SHA1 | 127716680dd16f776b19c2306d716935e54c5100 |
| SHA256 | c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21 |
| SHA512 | 1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | be1b6fe26a1b5a3e1302c26ce5ce53f3 |
| SHA1 | c3cac08e89c4cc91eae1cc87e33a1dea723f1d78 |
| SHA256 | 162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546 |
| SHA512 | 07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
| MD5 | d226502c9bf2ae0a7f029bd7930be88e |
| SHA1 | 6be773fb30c7693b338f7c911b253e4f430c2f9b |
| SHA256 | 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f |
| SHA512 | 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\nsz5E8C.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 71ef0babe31049e07d843dfea1ef6052 |
| SHA1 | 483bf1f696282766d27a23b49d9520fc48852789 |
| SHA256 | c4fe6fb736e51eeab98c76e809f39e6c36aa48d2b4308845bbc87129fe201dad |
| SHA512 | 3fba5f9fd014232059cdc1b4199460eb70428d5360a4998730f579db3a28a775b6c6fd8a779d4d7035f291b8f2ef4bd7b3039c4ce085aa1480af02aac7a6504b |
C:\Users\Admin\AppData\Local\Temp\ca90c6df-5a37-4658-828e-7827bfd3c5e7.tmp.node
| MD5 | e4c111d47eb54b62dab8cb12540b9e39 |
| SHA1 | 09be3e7d9eec1853dc628c8c3b90e7b670921029 |
| SHA256 | a05338fe1e0eb08230717ad2f3587a5c1cb4bd10a673c40a3059f70ae0e7e6b1 |
| SHA512 | f9ec1e62c08425382b48320d2fb1a7fa412dea84825cc49b0297d5c6cfdcb80f32c54de28ac59e7a4c7557ae9900a8d3860fc7d23e486bcc28e603787d9f0f79 |
C:\Users\Admin\AppData\Local\Temp\606c23a9-fd3d-4290-b8c5-0b2b87d2042e.tmp.node
| MD5 | f1e751eb4dbfa4a1b5f4903315fc535a |
| SHA1 | 85e1166819678f839954c473d7eb363a99e24a96 |
| SHA256 | b8c24de2fa870ceb677f30da0eabdf20745d0a9ebed98f49c52d881383c75096 |
| SHA512 | 2349745a84bc2b2f9c2b96999d48e37242a6c3627d7898cd9a36e682e36ec12553713db7167b3a9cd20ec308ce11d84f09f06beb3e971823d8b4a959f457b182 |
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 7a6e14ecd7633fd15dc39d926c0535f3 |
| SHA1 | 15f29a5a141a69d9aa766322644815249cffbc87 |
| SHA256 | c662435c7cdafe7cb5e8517b088465a2a3e72f3b964b6ebdca6ca5f28d633222 |
| SHA512 | 8ce3feb094e56d19735a6dbb0edd8c47fb370e3737548edf672304eefe7f434785e6deac95a61d06723d238ac24ee65700e16c0e88e161b6dde4dffd5f10d92f |
memory/2340-572-0x00007FFABB8A0000-0x00007FFABB8A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 7c38266afbe7eb05792c4e3bb09e47ef |
| SHA1 | 87140d51e63748d30aae1062c2101a5dc428c6de |
| SHA256 | 2fa7e5797e0cb50ad394d5b0b5f60f60e3bf1bb9cdb84df65a6583188564f0dc |
| SHA512 | dad77101ce9088424e8430668eee7034bde70d13e8f59a69b01a3e27b3824bcbcd830489b3a971e728c7aff95e2c0185c6e592f9aefef46b095628d3d9b3598c |
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 27bec05b3ba88eabf50ddc590e7349ea |
| SHA1 | 0765209c3de242bf596b34e787543f69e7c5514f |
| SHA256 | 8b4d1b9092142e030ef421f0702ad3547b0c61ba53f7046c9ccf6e55438937d5 |
| SHA512 | b1b4e01ff6d6c3862acd9e474826ae7170169b8762ff98dd4e44ce667321aa8e4a1142b636de45a81662c7322342c10f0db23beac307081c71eb94c2b055ae48 |
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 6957a638117c76c358b10f79b32fa024 |
| SHA1 | 9c2260bcd25e70734492e6010c3839eb067a7862 |
| SHA256 | 2c7388649e45ee7947e4c95ed41a00e1710fb9753038e31425271652cf2391c0 |
| SHA512 | 5ca8a0d74eb1c987b9de24240f38d6b66c4ef8ec9957eaa0d3ba1f002b0886c0a201ab30577541048a0a9d0cc883f2cfbe13c52fe5d27c711ff156b13958a966 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\e358324b-a5b1-45e9-9e52-bef1e22de354.tmp.node
| MD5 | d4e6004197508892d18fc47645b25f62 |
| SHA1 | 1afceda2531e593c00de7ab994f928a150de5b4d |
| SHA256 | dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c |
| SHA512 | 0be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 902e236a3fbaf609d56450915cca3e52 |
| SHA1 | 28ae922824a18c94fc6eedff164ebde576e48689 |
| SHA256 | 28a9359059919d1ea3dbe7eaa736842ab8e46043a0b208691b28a3ab70ff6506 |
| SHA512 | b14c6965368ad9422d9c28ff087aa4b30b973f7fae0c6b0022a503cbcc9de350c00c8628ed4c4bc4efbcbf7b37d138423fc3ee9ed0264963f193251e4bf8e2f8 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | 168acdc3fcae1a5ecfc51eac31d60a78 |
| SHA1 | 059d52b44c9031e153fa711d31cd942b8bbb2190 |
| SHA256 | 4f419b3242708045612e91d3f3ae9a992abe6bc50ff08acd898b95ecb4ef7f41 |
| SHA512 | 26eb521aa6f42a6a8f5fdcedc29f019bfed051b4f4311359ff0e76abbbbd62112636a78f030ef6eb203fc4f4a79f2335e108799dccf197b21df630306dc138c2 |
memory/5064-722-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/2636-723-0x0000021A25FC0000-0x0000021A2606C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log
| MD5 | f3ac7a0e31b9af1b495241eff29915ad |
| SHA1 | 286fe23eba741cd3fca3f3e9a919021946655392 |
| SHA256 | f134296c53650817d3b2bbd04fd77b8833b76e79a953a1d14f7a3484bab5f12a |
| SHA512 | b21d4e091140025f7ef2e96a3e3228c788ecffe43f4bcc5d1a15826686a392d9e0ad4ead4ed19b88c92fc9fd470014b15a79b9a82878d03005da3681b8dd9210 |
C:\Users\Admin\AppData\Local\Temp\2024311-3148-1n3pfob.6g3h.jpg
| MD5 | c87e8e11efcf9b8fd2550f467802a3c7 |
| SHA1 | 0d41109d7d3529521884fbbb6455fb82272c1b9b |
| SHA256 | e4963d6ba460643d3a85693c6385ec6b873773e1021a5c170660abdbcebb9d85 |
| SHA512 | 260dc7b038def6c8988dd66c40c17035f3949e46c4d2542186789283c55ffbc31150c583cf976a1c6a6def52fda1f610acfc7f3ad0781f85b43ec5d8d7652d02 |
memory/5376-751-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/2412-760-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/1788-774-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/316-785-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6292-787-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6712-810-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7076-818-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/4864-829-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6992-831-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5020-832-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/4572-837-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6692-845-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5020-847-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/892-879-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/8012-894-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7916-910-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7732-911-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/8124-922-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
C:\Users\Admin\AppData\Roaming\Ghostbane\Network Persistent State
| MD5 | 92077f3a69a05a5af854b57a79182198 |
| SHA1 | c487a30d4aaf58fd02e8e2d74c3f18968b73eba6 |
| SHA256 | 36143b917b79b87bd1a89a6bd0c7b9ff3469d4c33175556b00c2a757766c8a8d |
| SHA512 | 829e97a584f9829dd06a299dc15b6445ea1dfd7995735643e395afbfd67df680aee4aca8a592682fbd626b85b6c5ab52594f7d89acab2e1aaddb36f3a13beb31 |
C:\Users\Admin\AppData\Roaming\Ghostbane\Network Persistent State~RFe58c06d.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/7924-927-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/8104-921-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/8104-909-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7592-904-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7696-903-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7520-902-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7452-901-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7324-893-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7472-888-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7592-884-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7520-877-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/1432-874-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7244-876-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/892-868-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6936-867-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6692-866-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7244-860-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/4572-859-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6556-853-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6936-852-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/464-846-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7100-838-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/4864-839-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/456-830-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7000-828-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/2636-824-0x0000021A25FC0000-0x0000021A2606C000-memory.dmp
memory/6848-823-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/7000-809-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6292-808-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6544-805-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6848-803-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6712-797-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6304-795-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6544-791-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/6304-783-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/2412-772-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/316-771-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/1788-764-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5548-753-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5476-752-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5476-743-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5376-742-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5136-741-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5136-732-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/5064-727-0x00007FFA9A5A0000-0x00007FFA9B061000-memory.dmp
memory/2340-721-0x0000027E14550000-0x0000027E145FC000-memory.dmp
memory/5064-720-0x00000000005E0000-0x00000000005EA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RES9F0F.tmp
| MD5 | f7347c7c46706f209c96eb4bab0301a1 |
| SHA1 | f3580dff8699aece908b7acf5fa9ac1df78eda35 |
| SHA256 | 07279faf112e2fe401e4358ead93dbefaf9747a62d2f07a8bb1c64b82bd38be6 |
| SHA512 | e69d30980da950a5d52641efe88f3f79a7ade51e34fd905b9c45711b39ea72a5068433dc1bd00856d7008a05eacb6c3ac92d3fabe109f899db6f46da2f8649fa |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC52F057F080F54BD39413C26D5F34978.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
117s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418986431" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00cda467eb8bda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8707DD41-F7DE-11EE-B91B-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000001b3929138c43dbd52fb0ef8b85751c89f14de4b102566ce9df8ca2e7bda49800000000000e8000000002000020000000d8fd8a2c142d1170659c78e51419b89f04609c322390d950c083829c7298da4d2000000002ec30c9a7e83f9ca5fc7cb20a6119527f9eeee407b37ea5bdb8123d3c2e17b2400000005a19b7678c35fe7099cd04ab7e6a8dcf8e0b104418e5bbfa8ab4f2533712cfb075ecddb4c54dc7611c84793c8d79acc62039313116ddc5903e2cf8269fc04094 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000b02e92819e514128f2b3e06c4f5247b3ad61abc91b49964d13cf02280a4f82f6000000000e8000000002000020000000bdf52fe946994af5258f5280f6596b26c224bf23b2d9f4e6567b78c9aaae0a0f90000000ff96562acd2e8cbf5092ab97f7559d33ce5e83de3c0e88e60d900fde4a846b42b0a39c085f1b41234be0c3be59a6e3e295d8551ad8c7aafa4b9b7bce16db1a8228e3b6169b7ab245532e6fa2e1aa5bb40c6f05ad54fa4f426e95a0810a0ba00b82173d77a44bd15d573164509c6b4c570f7f81f76b2d1788f98a9c12f10d5dd3ead2a07f8d6cf89f8a1da6fc9c12299040000000f5b13a2ed4f74f323010a7ea097f21d47327f2e34d19a8a9b1e347a7b1f2f9a200defd0d393e5b1d7843f5fe452904c04ccc63c110e396d109c4f4f8d9ef793c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2736 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2736 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD606.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\CabEDCD.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarEDE2.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f77b50929b4c186899a876518cf8310 |
| SHA1 | 1c766f62b44de66324732b30300c3eb8837599a3 |
| SHA256 | ee45a13e1ab94c0532f89c8c6399ec78de318d694dd658a948d784cde67ece7b |
| SHA512 | 74e52d67e02fbec18f56854fb88c5170273578258d21a850c35601b2ad59301af70d36c9f5baf2624596bbe64e67c167e8eff81192015a5712d4ad50ae1585fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 680642976dfa1315d8078264e61aff6b |
| SHA1 | 6ded8b6fbc650892e1afed0ecdef2e34afb9e92c |
| SHA256 | bad1c6b07f104a7fab72f34e5d305a0ccb89d36f40ce8ab0174d77216cb552fd |
| SHA512 | 42a91b4fa4133e103c71e079c8660308fb85376dcda1f2c8aefd9a02ac321298c62520c5a29aa78512098b70602edc8c026b09a57c73b2e56dc36b1d3d0398e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8b3462c78dea31728aa99b2777b8356 |
| SHA1 | 33258a3143e1dd52b44890f4d93d63d6dbe0dba1 |
| SHA256 | 2ae6e5acd5f18c1046e54143cb1da6000a7c3d2a6eec0d2a94a443d35e58e88e |
| SHA512 | 8c5a84df2fe9e076e6f80dc46e437fc81aa844b51f086d26d53c2b87a74784211c8e52b705370d26c7a5fdaf26850dad01e1eb9fd28d2ed3300bae806cc557c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c250d5cd045cd61e0c4009d29fc8ddd5 |
| SHA1 | 8af06bd2d281c2d317091efd693581238da49f1c |
| SHA256 | ace7dff666c3248d44c1d6b3492ce12dd01170cc0463161358604a24726ce001 |
| SHA512 | 9d81813c8cbea3f8df59811161e6ee24f1eae183982490b8d13a7bb2d1f03d335232deb0e71a9e9b66803221cf4de1614309bd99532a552096fc0256734f6983 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 003febb56e7939dd3ccbacb27691e905 |
| SHA1 | dcbb3985ee56ce0a149d859492e5cc16bcad7d36 |
| SHA256 | 20186cb7a921a984003303d6819189e9558ea13fcb04786befe6c61df643ba44 |
| SHA512 | 13782890c2b0490049ea7d823fc8de7450d221d09e995ad81ad5f6853391bf5b581be52acfcfab9520c010512d0c68e8d4851079a532ff067a2190cdf756dade |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2995b9105b99e3223e6ed6a1d6962319 |
| SHA1 | f4b5974bb2b50548e40a03c393fa26c04be6f747 |
| SHA256 | 568dbde6c0a2c3bc7fa4b89d65f3396c1c49b555431da026831b7e54141571bb |
| SHA512 | 5555e79e14752c1eb6242c55e5aa0dff8b7df3553d70a62782327d6410a6f1e4c2a34b848218e5fd1c541987df76d2d65a4ab727b3796103ff7f5e02c7aa8872 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ef4708002925de8323a82b9de772a45 |
| SHA1 | afbc4ebe0f8a0fef0b20ca29293a03b5ff5526d7 |
| SHA256 | fda94521be264bc37fb4b5d14b73d199032d8cdec0f6764ace5ddea7b62e85bf |
| SHA512 | a72fd6492e7f0df16b73eb8b3f92ed093977ca9f6bf482676dadc0d06bdf767fbe8f71953e0738aef0afadd1ec91ba63ce8c76b80fbad05c003a4a089d5c0f96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50938453e361c3d6ea81bd3ec112b6d2 |
| SHA1 | 9a1c0488d409df8108ff67bf1e2a4bbb5b5e3e01 |
| SHA256 | 6a424e9991335e29adfca783a8f814ac2df89d3116376c66a989fb11c5b15791 |
| SHA512 | 7005128dcbb5d6ffd45ecddd6abe6dc7ca380e5a189cc820d9fc0d85041f5f0c382d11e3e9e1869edc9093896f91cd0b829a7119915b17b8e5df75613781d439 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d99b890738266ddcd7bbaee79aa8d64 |
| SHA1 | 81781cb642fcb28b06411d1b140e49bb4f34982d |
| SHA256 | 7d81ed8e83631d87a4950f29d45bbabf2c20e49c526ac8cc9394f5cf91afa322 |
| SHA512 | 1032d977b35b578f6da7a6b888c68747910cfd2b59eac6e68f4b8cb184610eacec3606fadde6f13e10ac6273ad16227c493bb797826fe22e3d213dfa27deddea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b614e9fac5eda3b7fb2db1c93771014 |
| SHA1 | aed142e933f2f3c44a0d506e0bc06232df1cc172 |
| SHA256 | b577d1adf7a7eb64ab74bc9585a3d48ff4908fc9278aad11040d364ed40bd3e7 |
| SHA512 | a4378c8beb3783de82695626e320bae46b0dfed1bf486df9d17cfd907575c97fe15a1639af3d5300bdf97cc62142d7868172b5832fc878097c6bf9600c7da756 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2b93ee3b7078aa66873d9361757ebee |
| SHA1 | ad58efa5cc0a7a89501a306d3de781dac15bd0ba |
| SHA256 | 886e12c9e1f096a726cf4bfa807e6daf74b2b8740313be5d6de77d80ddacc3bc |
| SHA512 | b5d5c0ebcdab812b3154bf25b907a94ee944ca842186c09e7ed657caa745ceb294cd931bd52fd1243c0541ed1c7f68eb36ad90132883d39d5b60bb5d8b733a51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22de842b0849282467746fecfe583b44 |
| SHA1 | 59321fd5da580e3732de24ac246a73a2c7db999c |
| SHA256 | f444f1fb14a2c61c89ef1f88e35454142c8d20d6f9fe811387f37d6327a9c5cb |
| SHA512 | 268b2e15af1856051225fa7dc927e6649d304adf170b661f65b08e5c65c59ccfac3cb5c9c1d4be326fe4d362e062e78798a10a1b304628e481daae4cbb4c024f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef4bf7dd6ea9c22b38083aa21289f4fd |
| SHA1 | 29d1cb60b11bd0b092d51291f98140bf0a3c6083 |
| SHA256 | e40fd0324c5c4be4e2b46fc1c71812a2dc816c9c464e93a28708b59e806e02ca |
| SHA512 | ff0ad9ae70e0940b2cc7d0e89280f4c63421c57d7ab4a63782e3a4adf0e1af7d767fbc043f9b5d75c23789d3855961a59e2a9daf6b776dbdb7e41c5c62aeee3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 600e2c19e11fc58276117b1261158d54 |
| SHA1 | fb1fe79a322bc06af110daac52667b127fba73ae |
| SHA256 | 4f409bc4eb73a05ed6490da5cef848d71f4f0dcd42bf113d9d4958c933f41e38 |
| SHA512 | 2a95e97a04e931834bd0c7512ffccf24b32eb511223e04c1a2013570d3bd560647a58410200f9ef9c3d251f385de25980673d7e40436d64869b107058ee4ae93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0024e98739accfaa54fd18b484f76a65 |
| SHA1 | e099798d63e703125855da159c8e4eb854e72528 |
| SHA256 | 556e0645149444eb70453166e46e62770228c98415988eb0fec639f88447bfa7 |
| SHA512 | 640536515792c610717ed92e79b879a09db75f7f5346ced9ad62dd267154a9740e568cc7405567b7988f42fd3e19bd3eaf82a080b9afd4a3638191a733193b01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98bb8ed7c41763dbfaafb7037d7f172f |
| SHA1 | afdd07320a98e705d479635af32629b525ada46c |
| SHA256 | 97b4d7fd5a785b36e76abe9535ff679164a466b67484e44af5d79e4629a470c0 |
| SHA512 | e5fde2dc852739dbb113f11416f052621e3fcf750aec6132960def3a3f9fa962c5a26ce0e70b39c7c746245785e2f86b2465bc4fb2ade1ee898a265934306bd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9124d72600c56fb793bb6378c334b4a4 |
| SHA1 | 6cd8513ef7e6d6fd9ef02cf99bdb4b0ff3225485 |
| SHA256 | 6504a750af870692ba085786c34267c2916914f790cbc970de3535a666844040 |
| SHA512 | f5ecf1b9f16dcbbbeb5fe00c9be2f331e77fc6b228c0838a3ed870d823198cd98b5c4e89a5a935d5c599cd23df7a057f4c044ed5ba4d5ede9b78e64c2592fa0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 002fb6296b7592d16f042a22ea6dfe03 |
| SHA1 | b6ed8969755bda49548baa5708293fc1ae7ef2e4 |
| SHA256 | 80dc6f86572a893a39e9b95b648d43bb3ecaed446663d5f2a24fb6c271646b23 |
| SHA512 | df215c83d6ea23b57cddd757642287a5fe960bfa1709ae32e210af0c62e454878b6bac18aa52dfc6367a1fef10e59871c92477ee4f563d3717e7460af0d7c51e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3e84ae7bdfcc0fe2f3827c71a577c78 |
| SHA1 | 413b1c98fdf5f94de5ecf3ead644a0463e8a7f71 |
| SHA256 | 1524304ed184cbf92c44fb87a1be19ed1a9e80079a22aa0907c87e441b97beef |
| SHA512 | 13d572eb3a0269c9e817c6354fc5b6718174dda1111bb5deed451669b71f5fe7161fdaa1a44f9f5610e93e3db962a0fbb2b28e1e43a8f5503281e1c386217c1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49ef872c1c67afafdc61569fd617e925 |
| SHA1 | b89c7c9410d0aa8e25204380ce182f2c4a8b3a26 |
| SHA256 | c65c9787b1a45256fa9544816f76146199605452430c71e84b3139c6bf446262 |
| SHA512 | 8bf415e168eee01c2d55c56114da0fc3eddfb25f08a5db59b5498572009f378ad497120fd1afc7b174639b6437d900f091d83daf381e527b9cd00edac6c845ce |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240220-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Enumerates VirtualBox registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\SOFTWARE\Wine | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe"
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
"C:\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe" --type=gpu-process --field-trial-handle=1072,16677055223325137418,6405857931281607202,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-xfvfpn.bvqp9.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cki7fp.sm1yh.jpg" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES472E.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCA1586D95432D404784B253D48FF0DCFC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES473D.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCFF2EB0A19848B3A841B35225F08F9A.TMP"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cki7fp.sm1yh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-xfvfpn.bvqp9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1tmfsl3.37q1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1tmfsl3.37q1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1nugxt5.hjyn.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fx27lx.umvcw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1nugxt5.hjyn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-i8k7kv.nulxg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fx27lx.umvcw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-i8k7kv.nulxg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d81okv.lkith.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1tnim12.3e7jg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d81okv.lkith.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-g0q5fa.2xfvq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1tnim12.3e7jg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1oz1l3y.rp0h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-g0q5fa.2xfvq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-51iin5.mkc08.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1oz1l3y.rp0h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gl9tr9.b3z1g.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bhsgee.l7n8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gl9tr9.b3z1g.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-51iin5.mkc08.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bhsgee.l7n8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1a36sfi.yvov.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gwg0h0.qpv3l.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1vcwwy9.dvtv.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "921202424-177877231617648151681907253441198735670-1800116871-569576841639657233"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1a36sfi.yvov.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1vcwwy9.dvtv.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gwg0h0.qpv3l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d3zv7n.u32lk.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bpb568.d2z7n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d3zv7n.u32lk.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bpb568.d2z7n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-wabppf.dju4a.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-t2wui6.hv3t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-wabppf.dju4a.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-t2wui6.hv3t.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-txie3z.lsgh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-txie3z.lsgh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ovofcm.gmb5.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ovofcm.gmb5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-16rlu8h.oa8h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-16rlu8h.oa8h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2un1xw.mfly4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2un1xw.mfly4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1f0bihc.e6y1.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1f0bihc.e6y1.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-v9ufmj.aq1ga.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-v9ufmj.aq1ga.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-a00b0n.ttsj7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-a00b0n.ttsj7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ovoyzf.6j90o.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9886811131056365857-2055659420-1008295678-1273143238-2135974481-14260899312042215206"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ovoyzf.6j90o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-17h69g.yo26q.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-17h69g.yo26q.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1r7vxq5.bq7y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1r7vxq5.bq7y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1oxrnwt.d5cdi.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11u7hdq.s6tp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11u7hdq.s6tp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-jpacru.iogrr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1oxrnwt.d5cdi.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-jpacru.iogrr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1pyd5pd.5n7o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1pyd5pd.5n7o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ttn4rv.vn9a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ttn4rv.vn9a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gnfajh.vimij.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gnfajh.vimij.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tg7eyf.7dtn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tg7eyf.7dtn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bzp1bq.onns.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bzp1bq.onns.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fovb3x.p6cr9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fovb3x.p6cr9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hhrhyi.dx4p.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hhrhyi.dx4p.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hznyia.4v4z7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hznyia.4v4z7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cu1bvl.86soi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cu1bvl.86soi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-od6b7z.1zqyh.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-10gfkqy.f5eq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-od6b7z.1zqyh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1rngyn8.n99v.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-jvihj8.9mgh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-10gfkqy.f5eq.jpg"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14693536012272910651154402330-19686507221344458793-1215196691-360096473-664136998"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d3t998.yfdh8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1rngyn8.n99v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bvwiv9.l6x2e.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-jvihj8.9mgh.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d3t998.yfdh8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ryevgj.cdhgs.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-f8g0ky.zyk7i.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hosijg.tl0r6.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bvwiv9.l6x2e.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ryevgj.cdhgs.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-f8g0ky.zyk7i.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hosijg.tl0r6.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1k19yf6.q3rui.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-184n07n.hwuzf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1k19yf6.q3rui.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bqmepi.vzsof.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-184n07n.hwuzf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-101u99i.u762.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bqmepi.vzsof.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-101u99i.u762.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1gfr483.88iz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1gfr483.88iz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1vlqq3i.ex8j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1vlqq3i.ex8j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-t8gq4t.1u6lk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-t8gq4t.1u6lk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-my0brl.kwur.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-my0brl.kwur.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-177p1kx.nbka.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-177p1kx.nbka.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-10h7wr9.xlhx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-10h7wr9.xlhx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1lnlz1r.3prp.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-308850661512165864-155348807113182967252142279162-1578600249714010434-1542731839"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1lnlz1r.3prp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ud3aro.q9me9.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "106564334923668849511535742681292732962015862962-388659773330312681601460431"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ud3aro.q9me9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2nkj87.eobeo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2nkj87.eobeo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-z69s1h.gl41.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-z69s1h.gl41.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fzw71a.wk4z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fzw71a.wk4z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fzmpdq.in68a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fzmpdq.in68a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1pa9e4a.t215.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1pa9e4a.t215.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1c8jn9u.75olh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1c8jn9u.75olh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-n0m8ug.lrkns.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-n0m8ug.lrkns.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bti46f.wxkl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bti46f.wxkl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lqwmea.lw1qb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lqwmea.lw1qb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-z1m6ux.ws9sg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-z1m6ux.ws9sg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-82zivv.3rtgx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-82zivv.3rtgx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-i2lcud.lv04s.jpg" "
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1066071491081808620-1472670324908880147-412028171-161783885967585694-912954441"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-i2lcud.lv04s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d1mz8n.169xt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d1mz8n.169xt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1v1upts.3x7s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1v1upts.3x7s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-t1yd0t.7lda.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-t1yd0t.7lda.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bklg82.bxfe4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bklg82.bxfe4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cnluql.p7wh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cnluql.p7wh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-s31u4o.ojhnf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-10lpsb8.2abvk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-s31u4o.ojhnf.jpg"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "38589845721375917281701873586-552253752-7727942152330799771882935476-477930594"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-10lpsb8.2abvk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15ke3tz.86ao.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15ke3tz.86ao.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tpmccb.dmz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tpmccb.dmz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1knmb1i.tyzi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1knmb1i.tyzi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fiusrm.obz2u.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fiusrm.obz2u.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-17dn6q8.5t01i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-17dn6q8.5t01i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-qjqhgp.3b1n.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-qjqhgp.3b1n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1fbx6nq.y22z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1fbx6nq.y22z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1jvt4dc.jriz.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1jvt4dc.jriz.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hreuzo.c37i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hreuzo.c37i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-mv4hx2.lpzso.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-mv4hx2.lpzso.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-glx1zl.zprl.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hx7dy0.u2wy.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-glx1zl.zprl.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hx7dy0.u2wy.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1x9lkpl.vrby.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1kzpjo5.xjh2m.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bh2zp8.7aloo.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-87mqd0.af27g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bh2zp8.7aloo.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1kzpjo5.xjh2m.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1x9lkpl.vrby.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-87mqd0.af27g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d0y69h.dqlte.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1wngmmh.1xdb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-j3wbi3.i0c0i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-d0y69h.dqlte.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1wngmmh.1xdb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-zysi1x.57tw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bk7d22.ntp9q.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-xxcyat.lj1fb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-j3wbi3.i0c0i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ypphej.fkjm.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-3ick5t.gt6u8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1simkae.yqhj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bk7d22.ntp9q.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-zysi1x.57tw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ocv7ng.b9ga.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-3ick5t.gt6u8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-xxcyat.lj1fb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u5hnen.sbl8.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-7rpzdk.rloqw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ypphej.fkjm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4ncog6.c8egk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ocv7ng.b9ga.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1simkae.yqhj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-iow3og.80usn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u5hnen.sbl8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-7rpzdk.rloqw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4tc39i.jqvvx.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lxs5kr.6bmb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4ncog6.c8egk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-f83bgy.5msgf.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-xz4vm0.hebqq.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-yoqlb8.dare8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-iow3og.80usn.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lxs5kr.6bmb.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4tc39i.jqvvx.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-f83bgy.5msgf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-yoqlb8.dare8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-xz4vm0.hebqq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-6eqe5d.tkb1c.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-9sv9n7.kks2t.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-6eqe5d.tkb1c.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1d9he6k.jvdl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-9sv9n7.kks2t.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1d9he6k.jvdl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-yyshju.pkxu.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-h2gov9.3sn7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-yyshju.pkxu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-zbal4q.jbrbf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-h2gov9.3sn7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1mm8un8.0puu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-zbal4q.jbrbf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bl3g24.k1qjs.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1mm8un8.0puu.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-bl3g24.k1qjs.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1h1gyoc.c540j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1h1gyoc.c540j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ms451n.e0zw.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-j1db2p.urz9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ms451n.e0zw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-j1db2p.urz9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ooumxs.g105.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1j4yoc6.p4xo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ooumxs.g105.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1j4yoc6.p4xo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11kscvn.buh6l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11kscvn.buh6l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tt1rva.gmrh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tt1rva.gmrh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4ifrp5.i024w.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4ifrp5.i024w.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-knuueb.o7bf8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-knuueb.o7bf8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-17c85u5.2si3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-17c85u5.2si3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1s4trhf.uxxg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1s4trhf.uxxg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-q8kua4.1xxf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-q8kua4.1xxf.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ty7bfp.jhd3m.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ty7bfp.jhd3m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dw9g5r.wsk8v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dw9g5r.wsk8v.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1205in7.7zt4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1205in7.7zt4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-l9lwq5.ke6m.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-l9lwq5.ke6m.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ge7s3j.l3ldj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ge7s3j.l3ldj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4cfmr5.7cpy5.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ppxkgh.3oe9j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4cfmr5.7cpy5.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-19ey7du.f9rp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ppxkgh.3oe9j.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-19ey7du.f9rp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-aw2lyp.qslx7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-aw2lyp.qslx7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1kl3uzj.867f.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-m1e3bc.q5mi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1kl3uzj.867f.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15e7z8k.ctme.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-m1e3bc.q5mi.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1pqoaa2.p9iw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15e7z8k.ctme.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-a94fkv.i3zxu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1pqoaa2.p9iw.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-a94fkv.i3zxu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1w01xy7.s54qj.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-cn44c9.vp9w8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1w01xy7.s54qj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1esvjz4.8193.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-cn44c9.vp9w8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15fft40.k633.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1esvjz4.8193.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1np5cyz.zwlq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15fft40.k633.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dhae3q.wbi9j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1np5cyz.zwlq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-135tfx2.74op.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dhae3q.wbi9j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ehytl3.da3i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-135tfx2.74op.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1p8dizi.v6j8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ehytl3.da3i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-vnh4j6.h160a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1p8dizi.v6j8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-141byim.xnm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-vnh4j6.h160a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-6tvtva.jk6tc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-141byim.xnm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-zhuigf.gujvf.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-6tvtva.jk6tc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hpfvle.97028.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-zhuigf.gujvf.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hpfvle.97028.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1tcia6.fpeov.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12zpca4.q99g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1tcia6.fpeov.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hldfh3.bwfd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12zpca4.q99g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-an0vyw.xvw8r.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1hldfh3.bwfd.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-an0vyw.xvw8r.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ccpdp4.ybi2s.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bt8rbi.3h7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-ccpdp4.ybi2s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tphm8o.jhrds.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bt8rbi.3h7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dic3cg.vltst.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tphm8o.jhrds.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1rq1ny5.2cqp.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dic3cg.vltst.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-wovi2q.lbf2k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1rq1ny5.2cqp.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-14fg1dw.m625.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-wovi2q.lbf2k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u3reol.p7ky.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-14fg1dw.m625.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ubo8pu.0qj3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u3reol.p7ky.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u4q673.r77j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ubo8pu.0qj3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1i5nl39.vyg6g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u4q673.r77j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hgv220.3wzuw.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1i5nl39.vyg6g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1w9nfo8.mi1v.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-hgv220.3wzuw.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1yd7yp7.s68s.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1w9nfo8.mi1v.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1yd7yp7.s68s.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gfdzky.aoibn.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-13jycgh.9azh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gfdzky.aoibn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-w0ujri.mogsn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-13jycgh.9azh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1fk1nrd.epkb.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-w0ujri.mogsn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1d4ph4o.bbh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1fk1nrd.epkb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2uldl2.21c1l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1d4ph4o.bbh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ij31fk.mpi.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2uldl2.21c1l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ijddsl.ltxx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ij31fk.mpi.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ijddsl.ltxx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12eea6t.uxfb.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1dqqzgc.cjhxk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12eea6t.uxfb.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lg2ju1.tia7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1dqqzgc.cjhxk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1yirl6p.a5dc.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lg2ju1.tia7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-v341hj.u71qk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1yirl6p.a5dc.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-55xanu.h6px7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-v341hj.u71qk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1keon6c.ox46.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-55xanu.h6px7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12hot5z.ti99j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1keon6c.ox46.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15vez0.ja3ne.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12hot5z.ti99j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-13dwhl3.yrfx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15vez0.ja3ne.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-13dwhl3.yrfx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11yn37n.5j9n.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-qgas39.wt82.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11yn37n.5j9n.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-mlfimm.th8qg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-qgas39.wt82.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1lon2bo.qsam.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-mlfimm.th8qg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15zc9hw.jznu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1lon2bo.qsam.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1p0j75z.m3ptj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15zc9hw.jznu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-wh5t9w.acoqd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1p0j75z.m3ptj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cs1tkz.azo4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-wh5t9w.acoqd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-3tnkq7.1skhl.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1cs1tkz.azo4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u8x57e.khv7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-3tnkq7.1skhl.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1c1gg4d.9f4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1u8x57e.khv7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tne9ub.gkkd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1c1gg4d.9f4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1knr1nc.lm3a.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-tne9ub.gkkd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1c3le6w.e3k3.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1knr1nc.lm3a.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-kb3429.ql02.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1c3le6w.e3k3.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2y4bmm.x5mqd.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-kb3429.ql02.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lqmbo.0n1van.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2y4bmm.x5mqd.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-nqjzjv.hxjbm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-lqmbo.0n1van.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15xnuyq.0xmx.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-nqjzjv.hxjbm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-c1ajf8.m6o7g.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-15xnuyq.0xmx.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-q9yzly.xo53.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-c1ajf8.m6o7g.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1327x2w.ltef.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-b4mzs2.0oal4.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-q9yzly.xo53.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ir3a2s.2g5z.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1327x2w.ltef.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-b4mzs2.0oal4.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-h4z9nm.3czxo.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1ir3a2s.2g5z.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1l1sacr.3h9o.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-h4z9nm.3czxo.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-6jd4nk.kep5x.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1l1sacr.3h9o.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1mecjkh.wvgri.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-6jd4nk.kep5x.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bhjba6.lp9y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1mecjkh.wvgri.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2ahskj.8u0ig.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1bhjba6.lp9y.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1nijizv.702l.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2ahskj.8u0ig.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-100bfeo.yf9nh.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1nijizv.702l.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1r4lca1.gw05j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-100bfeo.yf9nh.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-r3dudk.sfls8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1r4lca1.gw05j.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-r3dudk.sfls8.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1kgqjro.9pto.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1953fgy.6pvlk.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1kgqjro.9pto.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-g001b6.7tjm.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1953fgy.6pvlk.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12mrj8h.96oq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-g001b6.7tjm.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-utxcqk.4gwkt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12mrj8h.96oq.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1y660j6.iysg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-utxcqk.4gwkt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4gc93c.x4fe7.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1y660j6.iysg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-oo6i5l.088dn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4gc93c.x4fe7.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fevthb.u8.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-oo6i5l.088dn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-7t10pz.j7jbn.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-fevthb.u8.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-7t10pz.j7jbn.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1qj1g9i.wu9k.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12kg8vh.y8ua.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1qj1g9i.wu9k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1wxhdet.fa4h.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12kg8vh.y8ua.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12qc5pu.yicu.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1wxhdet.fa4h.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-pdtkya.1uf3i.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-12qc5pu.yicu.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-e0wn9h.t1kbj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-pdtkya.1uf3i.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-w8d7a.kwn05j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-e0wn9h.t1kbj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4tmjb6.opsm9.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-w8d7a.kwn05j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1s5wnvv.7rpr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-4tmjb6.opsm9.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-mzzwp6.jiyt.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1s5wnvv.7rpr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-nb32dg.a73ft.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-mzzwp6.jiyt.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-abe7go.ktsg.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-nb32dg.a73ft.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-19uj6i1.5k5k.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-abe7go.ktsg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-16b1yk1.tmd7j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-19uj6i1.5k5k.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gvq804.4iu18.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-16b1yk1.tmd7j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2of7ff.2v9vr.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-gvq804.4iu18.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-129xbwa.0u2y.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-2of7ff.2v9vr.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-118fmz1.s5di.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-129xbwa.0u2y.jpg"
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-118fmz1.s5di.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-npn16e.fe0zg.jpg" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-esgde5.2woim.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-npn16e.fe0zg.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dpdtb7.qrx87.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-esgde5.2woim.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1qxqq4u.zm9j.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-dpdtb7.qrx87.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-9c6o6d.70xyj.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1qxqq4u.zm9j.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-1uj5il6.eywq.jpg" "
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024311-2152-9c6o6d.70xyj.jpg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024311-2152-11ld6dv.7vwf.jpg" "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 8.8.8.8:53 | panelweb.equi-hosting.fr | udp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | whoevenareyou.equi-hosting.fr | udp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | whoevenareyou.equi-hosting.fr | tcp |
Files
\Users\Admin\AppData\Local\Temp\nst14BA.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nst14BA.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\chrome_100_percent.pak
| MD5 | 4f7cf265db503b21845d2df4dc903022 |
| SHA1 | 970b35882db6670c81bd745bdeed11f011c609da |
| SHA256 | c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16 |
| SHA512 | 5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\chrome_200_percent.pak
| MD5 | 6a7a9dee6b4d47317b4478dba3b2076c |
| SHA1 | e9167673a3d25ad37e2d83e04af92bfda48f0c86 |
| SHA256 | b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9 |
| SHA512 | 67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\ffmpeg.dll
| MD5 | 7977f3720aa86e0ec2ad2de44ad42004 |
| SHA1 | 04a4ef5ccd72aa5d050cc606a7597a3b388c6400 |
| SHA256 | 61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e |
| SHA512 | 8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\Ghostbane.exe
| MD5 | 21dcf914458e92f92928d52bd89470bf |
| SHA1 | cfe743e325859af219cc91b3e375b9afed58a6a9 |
| SHA256 | c68227296b243230fa9cb2fc7a1d3eed54de34db04bf0a8fb6b7c04c77bf44c5 |
| SHA512 | c8ccfd2cbc84b227c89e95988c51ddec76d99dd7cb06460c01c999bbe65018cd51422d9a03efa327d7e31723e0745658e47da54950959ef4e4d8d8cc9e22272c |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\icudtl.dat
| MD5 | 2e7d2f6c3eed51f5eca878a466a1ab4e |
| SHA1 | 759bd98d218d7e392819107fab2a8fd1cfc63ddf |
| SHA256 | b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa |
| SHA512 | 0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\libEGL.dll
| MD5 | 7b77074945dfe5cf0b1c5a3748058d57 |
| SHA1 | fdea507ac2be491b8ad24ddc1030ea9980c94c0d |
| SHA256 | 994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56 |
| SHA512 | d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\libGLESv2.dll
| MD5 | 8c93e19281992a00993fc0f09e272917 |
| SHA1 | 3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7 |
| SHA256 | 1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703 |
| SHA512 | c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\LICENSES.chromium.html
| MD5 | 4247afa6679602da138e41886bcf27da |
| SHA1 | 3bb8c83dc9d5592119675e67595b294211ddbf6e |
| SHA256 | bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4 |
| SHA512 | ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\resources.pak
| MD5 | 99c5bf0dcd43f961aa3e177f7dc42d42 |
| SHA1 | 5618abd2e7b45c50400bb4aa0c455bb0b28bc472 |
| SHA256 | 75ff04d991c2a203105525a1ccb200a461717ce7b86ada4be092fe903d95cdc8 |
| SHA512 | 2e508c46eb266301f42ee6a7d63494f3856b422df61d0b605096bf4fc4943239d3fba15161adf8cb1cdcfd3bea8608102a0abce636999cc2a9e01bda51cc77ae |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\snapshot_blob.bin
| MD5 | c497639990ef3d4435fd721e8e855c9a |
| SHA1 | 85e7df364daab70730c756b8e24e81965d5a2255 |
| SHA256 | 5e15a82831965e521bee172e6878806bba51d410d1fdf1b4eb01385d1954502b |
| SHA512 | 63f2514d585dd7d3b988f0aaeed8106a06b67629eb54f2152e8b4a24276d9f56fc4650c8770d0ab44b4c57ca458856a0cce5f26f6226a56a807b38ce5615ead3 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a718c9b6e5e6563e23e450a0d01b932a |
| SHA1 | 95ccb1228f024f037259e759dbac464f3c27b8cf |
| SHA256 | 315f5ed966a1f3a89c94d1b78b9bf70e59a2869601cf6551b2c1fd3e3b008447 |
| SHA512 | b04512e95ab3997bc7d5c65e2f526e124bf1895b139eb2b6c6c7b4a4aa381cd408eb2bba01f44b09b1936d24752baae288f24a32ed84687d3e7e0681b5387d01 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\vulkan-1.dll
| MD5 | 25afbdf6701013c57b19b92225920915 |
| SHA1 | 009300dd4ab3b81794388ce7d126ae90ff97535f |
| SHA256 | 22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c |
| SHA512 | 575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\vk_swiftshader.dll
| MD5 | 77f7b4f46cb3e06b53729fd1e562dfef |
| SHA1 | 223c09805220ff2b5c1dcbdd5c0396231ea34f11 |
| SHA256 | a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5 |
| SHA512 | 6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\am.pak
| MD5 | ebe0e7e0c78fac281a3f0196da22cee9 |
| SHA1 | 689864d898905d43b8a70bdf37c5b339daaf48eb |
| SHA256 | 08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d |
| SHA512 | 89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\bg.pak
| MD5 | 5ed6adc6158f554e71bdac7dc9731b16 |
| SHA1 | 394c8396c566d2b92cef881c332624be812115fa |
| SHA256 | 0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726 |
| SHA512 | 796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ar.pak
| MD5 | 3a8a7a08fedb148ebee6d3300356e37a |
| SHA1 | 2e9ac1ea8b6396b909f823486538d5640ddcaa1a |
| SHA256 | 43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78 |
| SHA512 | 7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\bn.pak
| MD5 | ee25e9cf28fdd35846d8a9b3c4220eed |
| SHA1 | 702342cc207ced1bb585195abcf263cbc4ea0069 |
| SHA256 | 9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9 |
| SHA512 | 2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ca.pak
| MD5 | 53e3fb38f84f60b98d23b337e4f03f92 |
| SHA1 | 42e435837dd36872d2a413518a299cd293ff8536 |
| SHA256 | b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a |
| SHA512 | 98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\da.pak
| MD5 | 22134b12d90fdc00f23a1e0a6fb04eec |
| SHA1 | 17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa |
| SHA256 | 62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94 |
| SHA512 | 9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\cs.pak
| MD5 | f125738776a9fb8dbf25311fa3dadbcf |
| SHA1 | 3448b58d4810e69f5c1eca4e1484308c3ceff502 |
| SHA256 | 5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4 |
| SHA512 | ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\el.pak
| MD5 | db449f218a705453eb10b5f418e28d7b |
| SHA1 | 7bc8fcc59c532bb086a7f081cd8d275a89dac835 |
| SHA256 | 73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193 |
| SHA512 | 7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\es-419.pak
| MD5 | cadd9ec43e823609c4bbdc418da6009a |
| SHA1 | 91bdd44d5972a4763227ee7c127fe122aefe195f |
| SHA256 | 6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c |
| SHA512 | 2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\fi.pak
| MD5 | 4f323a2eb73ccd029e742cee4dfa9769 |
| SHA1 | b860372d21cc55eb7ddbbf9f5bac61fed39426de |
| SHA256 | e1888472c8e1330e70e514d0a1936749a7e5d39f67e7edc818661c2cbf3e301a |
| SHA512 | d07d0f74736cd32d73b3a33867e65a25b727b5c30cb743162908e23d958fb3ae97285f600a9ef8196e61be9d450da5903d1e468fceb3b05ced93aa600387fddb |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\gu.pak
| MD5 | 57cf11b4352e59f11b20b7ab754af031 |
| SHA1 | ca1716d419f175a2dd548929fd551dcbd1ef4bd7 |
| SHA256 | 55588f211c26e1deb47b04d39728ec051b99334c55d30252b94df57d0fba2f52 |
| SHA512 | c74360769323b3267aa218e994f49c7e135d4f320365a349a5362c1755c4b660050a070bec6c5446d4620be97a341270b6c01289db20ddf5199ece23117110a4 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\it.pak
| MD5 | a2b9cce245e754258ea187ceb3aa2670 |
| SHA1 | 50f84fbcabea10385714a3c3a2483247ac040c02 |
| SHA256 | b72f89e5d2cacbd2db7ce28ceae35faab8c4199ec993fea64e8c78df882032d0 |
| SHA512 | 5e9cca2605d4a86d4f2b39845c8396c37f88b6f1d08c8f0e2b6f0896d60754331a588d0c0fc59e9ad8fccf0d50100a2307fff2d9df784f91537b1d9e108727ad |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\lt.pak
| MD5 | 02e9c88d9d5e58d135c9a92effcce38d |
| SHA1 | 92421a5fac68d506fa904075ea7cf39a3da8efc3 |
| SHA256 | 38ad40532287da53fcdb6076b9cdb841bbb4f30162681707295bcab448149e65 |
| SHA512 | f0897d62e81eb6e2c56cf1a5b5ad5124521c345f70cab841071c7b70b16130984700d694a32dfa010460244d8b520ba1b217ffd76f75c074b5b3a9ccda26b02b |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\pl.pak
| MD5 | 41fd7c76e30b333027e86e20a65283a8 |
| SHA1 | 81afebdfd62255d0b0ca508141dcd7b67982f4c1 |
| SHA256 | 5de95dc2236f896e66debfe2cc7553a5bfeaa7ffea2820fe1f2f67368af84f7e |
| SHA512 | c59132dc329ee72fa8e9e9c653da597b5fa40a6eb0a7988cf62b1bdaa646a9f09f504219bfbc5af394a12c9ab6050a39740460a3e5c3ed0946b556c33f608219 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\sl.pak
| MD5 | cfb094955a5a8f655ce8a598d5a89706 |
| SHA1 | 181ace68b0c3be132ab73302ba7f7c8750f9adae |
| SHA256 | 15489195e92cf11354a9a02895aad2ba8f17aecb676dd77942054a4f3f0fd623 |
| SHA512 | a31e131663072c1192a4146321db5f0f457d27e14afc8ae40a92a4f255df4cd5302774534fed5247e145c73739a709dd5852af35750f35ecbab0fd4c1a612e2f |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\tr.pak
| MD5 | 4e7c047364c7c4809242741b98b28092 |
| SHA1 | 4ff1b303476cb75d8190568c346e8cc2e452da14 |
| SHA256 | 6a25be43b786ab853f8081c53012be623543830cce5ccd246ec040d98f22b852 |
| SHA512 | 4624cec04114c15a72a804fa4966fe61303effe97039337273ed0dc99e8a6a685ca5cf5fa901a84c8b219d443f1a89e6e7cbe09eb21e7ecff662301067a6cefb |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\zh-TW.pak
| MD5 | 03ade5ba27cd3ae9bab6ab3a5cb721c2 |
| SHA1 | a747311a5f6c2e0e535efd52bc96f3c4d12d5c3f |
| SHA256 | 0c4abf7a66026068cd4f458d504cb04f3e04cf9fae45419ddc2d592f24899a2a |
| SHA512 | 33e122328773039595248a85dc0940841a1e273957ec9a4e175871b3ada48008b608ca6569b495275abb8e2a8844ee0c4d90b48af915a3f5a6aa44f3c37e51f3 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\zh-CN.pak
| MD5 | 20b6d54de42cf9c56f0a85fdc27d82e8 |
| SHA1 | cecb82b4afe8544876f443fcf578453358ab59a8 |
| SHA256 | 4140caf95939f116993ecd8bc5f7681991f96735d2397c9c7b4c66e3013eed24 |
| SHA512 | 646af407dfb85863f4555961f37f706c18b5c1e68b3111eda9f9b531ba2bb60cf67211ad634037b872156f0ddd04d50d68c49173a27a78ce59f75cbc2bb6c3bf |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\vi.pak
| MD5 | 98cb45f0555aee1985710196db17d72e |
| SHA1 | 1362238c253bc2a0e50c8dde6c95deb027fd6348 |
| SHA256 | 39a130557fea33a9c899f347fa3ed455e58bd51acc0b3b4586f76694b0f34646 |
| SHA512 | 93125310ade0c7029f0406aab291c35d2b7d1941f85bfd3d6071f85ff347c46e793a5ef164c08ebfcba252269a4aa84bf7a3b8779a36ee2f3da303411becc27d |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\uk.pak
| MD5 | 33f02db055c3f91148feee375acabfb7 |
| SHA1 | ca1dc284f41bc55cf35f94a4039008df9970d411 |
| SHA256 | 1968e9ed7722089330e7a8ae2c08f241aa106ed2be8948461439e6a92c330688 |
| SHA512 | ad16973e4103ced979276c6de175eb600241491ec9c441168e6375f68f8867d3f0eba422dd0ef6404208564015119f1e5e2500d5cf4ff2d8da45d713ed8c251d |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\th.pak
| MD5 | 96212a5191b7062d1620388acf1d09cd |
| SHA1 | d3616b6c4649dcfa347df0473e64219ccd63e63a |
| SHA256 | fa5f97bf433df481a6257fa39ef8dcc7961c5d5a83008b02c9773836d7bfc96c |
| SHA512 | 5192c36317c3a50696796c7286f77b1a02b7a0f83abb16ff7d47ec94281b85ee2fb29b9ddff7c4ad8b28a2a757772bd2bc726b10c19658ab672966679d391508 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\te.pak
| MD5 | 93edec428bdaa1f84f5c9478f440997a |
| SHA1 | e03f6bd50b0e0d888f9dfbdc87c98ff567e6a91a |
| SHA256 | a499f50e452ca02ea476fab8954e7ff58d2ee0c6263b8a4657b6ebddeecd2520 |
| SHA512 | ae34e29f1e8d23dacca66036e355b12ebb1117ec6e5e99413c792a0dc8b772eb63578b2406730b014fb4ffe32b05dfd9fab8adcf38ab3f5b9bfd0cf054ed09f7 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ta.pak
| MD5 | 8a1a245b43af1f174f262d8f53014d59 |
| SHA1 | 655045f5c71aa2589851a66d5387d4125bbce1ec |
| SHA256 | 85d8ef6fb5fdbd1d689aa6cdbbb768376b08b03ff39f7528a3804a3b4bd82af1 |
| SHA512 | d71b73fd2b5658acf5825f142130c49c278c801fd8beb5fb2039a3c209a1214a9cc00fb6896735fa4d020bc2279afca1577f35fb0a96a315631d46656d2055d3 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\sw.pak
| MD5 | 70510abd3079bf26caf327989e810216 |
| SHA1 | ea640cb8b3c63d71d9b3a0d377fef5540b04fe81 |
| SHA256 | a11017a3e0e7f48338d4515ec9e79c1764387232a0d9a05fecc4b594bff40091 |
| SHA512 | ecbc97397557e27e66536a97ddf78a744c104b258d40d6f31972e6e5c6615699dd24eb02144ae0d3d53764da0f83a06f561ba95bbf08da4bf4a548b0e7f8c052 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\sv.pak
| MD5 | 773fc8c89b093c40191fc233730188c1 |
| SHA1 | 28001794144bdb76f62044d57e2d52c8ae1635c6 |
| SHA256 | 6aab29795a36a0234c6d447fb1fdd9011da505c348b934346a27b6a2ddb92ff3 |
| SHA512 | f9bfd3e72955104b922c34352ec16d56939eea634b9abd549d4a3342dd72f8768c85bff59814e419aee6469f6521f4f71fcfe9b8a81c1824187ba818f6d6caac |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\sr.pak
| MD5 | f4041623ce5e06d2dea58d532edb120a |
| SHA1 | 2d7ee3ef60b39e3508427c7bc12e046d7bf5e928 |
| SHA256 | f2f80d7325d259811afea1e7648c42d3ef3eebfeddaec27ee2817f4e68ab541b |
| SHA512 | 18691f4cee3eeaa2305d1c978d803fdf757d9c4e87e88e36d7b1fff482cfddd820568b39a1108065f61dd2cf10d7219c27813aad4d64e71695ab91084ec3c694 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\sk.pak
| MD5 | befec33f564454253ad90d6cc06ecf62 |
| SHA1 | 1fa0e082c89f9aa397551421a35b7dfc941f5250 |
| SHA256 | 9db30eeac7f1814158283affa0af6451c6f7966896cd6d6df8eab14a37e58c9f |
| SHA512 | a581faf67311eb8d81b481d1e3348f579745331f87523650a4fc35ddbe6d5033e726feab0ca3911ef76a21aceabc3e2122d16333d1b7840a933b5231a9e2d157 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ru.pak
| MD5 | fd441a4b72397f5d76915ebcdef45aa1 |
| SHA1 | 94a0ab5704e7303c6ef1c2ee5be0b6f4a52d146e |
| SHA256 | df41fb92e4d682d47b5adf942600b4f23c1aa5274b31b844cd4c4b6f0ec86a86 |
| SHA512 | 5fab517ec0141bb67b4b5ac868100b770fc0b7773b94f977af9205294da9305a2079327a4ece1ff1d9a3b3c805c8d8676c2b0505bf190d1c57c4ed0c14a1cfdb |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ro.pak
| MD5 | 4d1ed9e347de9351454d11132c06e916 |
| SHA1 | e3734d17a579ac423ec5fdc5829a211c7b76e049 |
| SHA256 | 57dc80c76c535c645893c9d3b4d0c4779aaa877445383abec79e32cf02c41276 |
| SHA512 | bd3d0841678879a24eb6f2f15c27bcb64a5d7ad171debbb51e7601a3898b830b1985b365363a01d22967969d4d4ddf89a130a5a33ff6a94cef6410b0e89f1849 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\pt-PT.pak
| MD5 | e9f8bc9fd1e845551fe3bb63c9149726 |
| SHA1 | 0bfbe46e8ffd62493c019e890a30ebc666838796 |
| SHA256 | 50cadb4da4e61fc335d145374511c34e5a0e40f9c26363614cd907cc7942a777 |
| SHA512 | 1d3761caadc3ac750c0a89c64db472bcb0764fc1c4b1108a9443fa71633ec7fdd945120a6f05e76221d9c58103cc9865b4857877d57d60b623f92a0235ed15fb |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\pt-BR.pak
| MD5 | 3b70cbf1aa47436b78a5e8c7672ce775 |
| SHA1 | ff9f2820e5782f9eae0ea1d5ede61665fa62cc06 |
| SHA256 | 8b4a8a3b8741610c279283a6cb843cb274223f720edac1c73296340b02569fbe |
| SHA512 | 41e3b3264d8034edf9ee1ab696ca4612ee6ef4e8537b4598805362c4a250f81274425cfa2c9c62330fed73a683e6d3b2ff537b51d869d7da19c4422728da7c0a |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\nl.pak
| MD5 | a17bff141aec095625d0420c7a609b08 |
| SHA1 | edf3746b20ff9e3bdbf09b195e7781da1f799a91 |
| SHA256 | 7482c28c2a42a94615118b6b8cc7d002415923ca104ef86a95a4ad05c8db36b9 |
| SHA512 | 903c50c39160e40920bdcce0dc337e83b03bba00481f82ebc8ac1cf6927ebfaa75b1f9791038a71632c5e79bf7331bbf7468cc626e303929801c08f54d092c8b |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\nb.pak
| MD5 | e5546ac3407546d6b786e24c7bc21ab1 |
| SHA1 | 7a9e44a525ae005d0b41020c403c4e1e49d237b7 |
| SHA256 | 751521cbf27777bc99f2039b987686f921cb27e02c959f6cbeb976799e45066e |
| SHA512 | becf51540db5a0893e6f44d588be98142bab5c2a0f37c0212348e3cf39da52def2fd104c039229b52767a9345890f5768ed897b4bde5c6feccd75036d8b4f363 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ms.pak
| MD5 | 0bb952597b170dd4dd76e9d9d546ac3d |
| SHA1 | 101aafdf6a4ac0cdba7bd88538e7ac395e715e3e |
| SHA256 | f6721ce0d4d601ffeff011d652a9bf2518386cd8c1d2317763e37512451534ff |
| SHA512 | 46c9b63273d6ea30ee63ff230d6b5600018ae54032e04a6707f5873ebd383d0d59645f8d0b44b8ce9a4d40d5acd3453b618b9c4fd3c1b958adb5aefba3465464 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\mr.pak
| MD5 | fd3452d812a6129b8b6db620423adca0 |
| SHA1 | 9bfe47a0e9f1843c90875f28d8873d592098024c |
| SHA256 | c9704a3e528092ef676be4a653cb14b906e7c32424d59c8e4f22981014bd9111 |
| SHA512 | 7ec30343e985f7bdc6a64fc13d50bfe58ae098b03e18afeaeb4c89073059698cdf40477f2323a52c5e8f07f37b28608c54734501d14ad6ae0c9a0f2f4ab0e689 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ml.pak
| MD5 | 21aee42070f9eace2a8e14759526f05f |
| SHA1 | fedd83251a3fdb1846bf0e7e49a3a78cd77fae02 |
| SHA256 | 393d2dcd5c7c33945626fcf10ea4457649fa7b4c100c039898385133c26395cc |
| SHA512 | 60cc85a5a638d370710680bd39a6946d04660a0856bde49190fbc0002acf91617cfc3f3087a37cf592c047550ed2c5b73c2a769fbdffcacf4ad3ffa129c929e3 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\lv.pak
| MD5 | 7313fab584b7561b1fa63de07b972118 |
| SHA1 | 3a44d445f57a78867d37638a80ab39add3fcaa4a |
| SHA256 | 7b92238240c31c197029d41fdffc244f68caeb8002854f65ee3125bd95643598 |
| SHA512 | 05b067847a63c0419298616278678ade6a4fec4008323121ace5a09e22f6dae409494474f5a88adc703833691a7d4810546d012d4311e176fe58812f166b8ae3 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ko.pak
| MD5 | f21c6033fa73bc7d3358c2467c9048d2 |
| SHA1 | 939f209f00e6664294872e0dc3b33a9015a2f1fb |
| SHA256 | d19cfa8ae07f23b81c0d40d7e751628844fc1aafb83d4bb4dcbe71caecf6ea2e |
| SHA512 | a4a4909ca56d3d924639cf1adab6d9ee512132c99c8e3dd37f2b949a1c816ab29ce81c01c658022e680344516201fdb0440abb97e577e6946e2731411674566d |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\kn.pak
| MD5 | 90107e2353e707a6d071c9aabb5adefa |
| SHA1 | e4dfe445ca7830b3a56af38af1d73e3cb94abc73 |
| SHA256 | 9155b06ccaefbea6461f5c51e25ce25d85ca7bd557e76dae00a4d6a09a4bc424 |
| SHA512 | dead3b94638afbf4ef27e1cb5283ad2d0af73ab8996e7d2e8202ad174796121799992f577c974fc0ec53fe2b8f6fb4d37c3bef70b72c29b5b721377a0cf3b093 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\ja.pak
| MD5 | e720738027460b044429705f7ea1d25c |
| SHA1 | 851b59efad4ae074849fe41f40a56c5534caaf72 |
| SHA256 | c78fde77efbca1b3cc0cd12bda718d1a113bf6b6f3ed558b5c9a452dc974edfa |
| SHA512 | 08b0fd0ceff7ddfed26985bf84b54d75cead1f6fd4d5971da9e40996af6dc5fe9455c402f62e758020a6ccdb1ee0213cc2a5ddfa28a2bfb1e8064c6a4401c3a2 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\id.pak
| MD5 | b5e4e0092bd1063e8bd68d0b539ab005 |
| SHA1 | 5e3d12a6fb497687df81ed64de17b0502ea84f2a |
| SHA256 | 8d7ef1377d39fb6045c9d4b1bb064c329bd789ee33b6de530c187f1e713dd7f0 |
| SHA512 | 52b535a143bc13a03804cfda2d3f2f81f036b8d24897d1ef4a657ed290ba14e43d7cfe92c868cdef6b093b09b90119f7e50e8496eaf347c8e4fdfc13c5e306a2 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\hu.pak
| MD5 | ae13d7ddfeb82df9950c71a4ea0bd10f |
| SHA1 | 7b55315628060668f444b110031b1fc4715bda11 |
| SHA256 | 17758e2bc746f6d770fca8969ed0aa2d00658d68792d2e8bae94d7b58665d83f |
| SHA512 | f94247fecc4fda5bdbe9732f151cdffed337eee01f59aaab6e6452c570a549dfb87c0528484c1879a04af134ac883a21043c582d0a642e185e4e64e3aff830be |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\hr.pak
| MD5 | feea1754a955eb61cd41763be4e5ae2e |
| SHA1 | bb6252fec9ada8bf9ed7b81f59843d5abfcac80d |
| SHA256 | 787680ecb5d5ece246894481834b30145919c22b04d2dcad2f6ea2b2254abafb |
| SHA512 | 3d24c9ccb83f6ecf976df5cf00fdb0b46d53f09c1cb08ab68bb8d9944452785f40a761a152605708d7672f7dcb24e0b7cad1cfc14b267bf5fc1393cfd05ae4d0 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\hi.pak
| MD5 | 34bcb12c154075510d9d3066ad4a8d1f |
| SHA1 | 6a3c062221db4f391f8505892f584647b05a410a |
| SHA256 | 83c6c411d75ec5c5de6984b21fdecb07c9b926c66b67c5c99380605f6fdd8928 |
| SHA512 | aba38e4a8039bbdc46b510a8370c82d3b199b4a02da7751c162c941e6d893a9cdfc0ce92db4144ecc2b2644d58b0bc6cc7cceb0533c62c131cc55be0258c3a7f |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\he.pak
| MD5 | 6010987755f300c7984dd3f72f518ab2 |
| SHA1 | eb85f0849a86aa5fb585efaa070d2d7300b197a3 |
| SHA256 | 1c84a575e28e9a72335ed13409d6861995bd9859fd57a4d9509fe912db4a56a9 |
| SHA512 | 4b77f74d986c16524a3a6c7f60cdbe53ac5be59418737835a7fa186e4b6ee853cce8317cce352fe4064c75a7d27bf1303d76eabc53993ff1e4b7758a8ccc6228 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\fr.pak
| MD5 | e609419893f1d885a2f17f94805a441c |
| SHA1 | 31083ac114fa4077a7da7c796ab3744873fb893f |
| SHA256 | 8d71c36d04f2d6062458aa2614f7ce223b2ee9b4665556803f764f384b191091 |
| SHA512 | 77f965f436a009a5aacebed3cc15adde5a1054e1c699b8a50b947a7e78a97cf43317d50b0ab7a42532c77d320b7393007e47199f31c58f7acb6f462f98fdd4c4 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\fil.pak
| MD5 | 693abd21a6855aeaa31f6c738c6b6fc9 |
| SHA1 | bb1fa375a9f0c682d9913b1c1610535eb2b4028d |
| SHA256 | f0bb231c710c025ad4643e2128867de6e111da867384082e7dc2d0769976b6ce |
| SHA512 | 03c68c45e3144a73251d950a8c7695e5b9c2c66711134016543ac07ee6eded723324d5312fad4624d35d0bfe9861ca4b7440d2445e6d3d6cff4a1a3cd5263c98 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\fa.pak
| MD5 | e3f56d4b0fa2878ed6847631d3b05dea |
| SHA1 | 627f48d5423afcb3cade0789f058d60867419041 |
| SHA256 | 2ee67a38cce9ffae1a639be17c0ef7ed7c763d9c15c9621f300bf634e1f25a64 |
| SHA512 | e29c28717f31dc57c2294857680a439acec25478913ea425b0c7b6e50f3343b21fb7983c15352f9e3c001ffa0c8e500d92a1924acde32a4b5bf3f5b6c60c4142 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\et.pak
| MD5 | fcdea2954549e5d8f1e7a5de36ae4f74 |
| SHA1 | 41dcdcefbbab3e0e908d98ec9b6bac7eacecbb99 |
| SHA256 | d875bca2e8800657306727902f4f5fceec7415ea530bfa780ece0f016f792569 |
| SHA512 | 37ea008078083a36b07b1f5d0ca6e16f62b06a19266d8042efc796bf33c53200f37d3a37f5b48d024dbfab9e6689ec9c3f22d6e37e3898fa7deb61ace1fb2df3 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\es.pak
| MD5 | 39288ea031009bb9db582cbd93c7d534 |
| SHA1 | 467f76d33e39526a4d8cb6068eaf8e2791b3a9ee |
| SHA256 | 6cd39669df96b4b5b9047f7689338d3beb9ad7f8be2fddc595ef1ecbc47481c2 |
| SHA512 | 4a635e969cf2b09aab5f8723a3380c5e226bf0546019506d18de65c1e4a599d268b9ee2e03a65b245075f899a09697b7b535f1055c19344a411100c8f29d93b2 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\en-US.pak
| MD5 | 0dcd84e9e50a3e0819d5875ea889ced4 |
| SHA1 | 7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e |
| SHA256 | 699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007 |
| SHA512 | 153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\en-GB.pak
| MD5 | 074d3dd44706502de7c33e791794b23a |
| SHA1 | 564a73ffad9232052c692eb94f560d6b17227c47 |
| SHA256 | 9c3954a5ca2cf126370a1152e9281f41a7ca97c69293f556a2c79ea6729324ae |
| SHA512 | 6e1296d04b16534274fa438643ecee6e37d17ed935623f73d5a8f3510a194e0efda9ca60fac8d51d25763c4818050e23c306f9ee18284b8600610d14f7768d98 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\locales\de.pak
| MD5 | fceb00caf7e76e688007665feae99e83 |
| SHA1 | 06fece84cf7028b3871f144258b8d084faf8745b |
| SHA256 | 80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c |
| SHA512 | 08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\resources\app.asar
| MD5 | 45521cfdc0f0979a1fde10a1bf163b64 |
| SHA1 | 4f736d4fc78020a8a8df6fba1de46c95ea0c50be |
| SHA256 | b2c42f78307d22cede05b010e4cffaaa70e9ee469c8279a3399a6f497d8cde24 |
| SHA512 | d8fe5278fadd3610cd379c352c2dfd6f16f01f3e3512c364dbebc8c9fddbc933203a5e424df65f6678243f8796bc0c5b509f1c648a11989c740a5dfbb52baf31 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
| MD5 | d226502c9bf2ae0a7f029bd7930be88e |
| SHA1 | 6be773fb30c7693b338f7c911b253e4f430c2f9b |
| SHA256 | 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f |
| SHA512 | 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 1e401ccda5b723ab8a595a54f7d2531c |
| SHA1 | 127716680dd16f776b19c2306d716935e54c5100 |
| SHA256 | c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21 |
| SHA512 | 1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | be1b6fe26a1b5a3e1302c26ce5ce53f3 |
| SHA1 | c3cac08e89c4cc91eae1cc87e33a1dea723f1d78 |
| SHA256 | 162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546 |
| SHA512 | 07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55 |
C:\Users\Admin\AppData\Local\Temp\nst14BA.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\c7485255-0bf6-4b28-8e4b-5a5595930bc4.tmp.node
| MD5 | e4c111d47eb54b62dab8cb12540b9e39 |
| SHA1 | 09be3e7d9eec1853dc628c8c3b90e7b670921029 |
| SHA256 | a05338fe1e0eb08230717ad2f3587a5c1cb4bd10a673c40a3059f70ae0e7e6b1 |
| SHA512 | f9ec1e62c08425382b48320d2fb1a7fa412dea84825cc49b0297d5c6cfdcb80f32c54de28ac59e7a4c7557ae9900a8d3860fc7d23e486bcc28e603787d9f0f79 |
\Users\Admin\AppData\Local\Temp\e0301b87-10e4-4744-97aa-7fb34f2b3c89.tmp.node
| MD5 | f1e751eb4dbfa4a1b5f4903315fc535a |
| SHA1 | 85e1166819678f839954c473d7eb363a99e24a96 |
| SHA256 | b8c24de2fa870ceb677f30da0eabdf20745d0a9ebed98f49c52d881383c75096 |
| SHA512 | 2349745a84bc2b2f9c2b96999d48e37242a6c3627d7898cd9a36e682e36ec12553713db7167b3a9cd20ec308ce11d84f09f06beb3e971823d8b4a959f457b182 |
memory/2188-574-0x0000000000060000-0x0000000000061000-memory.dmp
\Users\Admin\AppData\Local\Temp\2etPjvlaTb83Ft04XhkAGWkFvCm\Ghostbane.exe
| MD5 | 5c44c82d3407df14938e0437d3dc8b36 |
| SHA1 | d4cf67d6b9ff1e746e29ddf0aeed467aa1f6ed4e |
| SHA256 | 7faa65bd532cdb32a1abf7c81714ff7acb045d7e204ac7e2fc1b41e5ae486fdb |
| SHA512 | 4e41a3d3220edacb85b67d07bee452783c29dcbf173f91a480318196d3ab51295b0bdbf14715a576ec4bae06eba76e82df679b420a1bd34b40d074f800504222 |
memory/2152-584-0x0000000002470000-0x0000000002471000-memory.dmp
\Users\Admin\AppData\Local\Temp\b76d5887-ee87-465a-8a97-11037ff8b8cb.tmp.node
| MD5 | d4e6004197508892d18fc47645b25f62 |
| SHA1 | 1afceda2531e593c00de7ab994f928a150de5b4d |
| SHA256 | dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c |
| SHA512 | 0be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
| MD5 | 7a14f78602561a44440165d40066710d |
| SHA1 | cd26a56520bec202550b923fbc3c75b1e10df9fd |
| SHA256 | 584cf876c103fca4b438a95e62c70cdb9987b8392df16f8eff460a0c15bc2bb4 |
| SHA512 | 5dd8a652e72e763910682702b64de2ef7b15d3793e7b62c88bd6c7ca42b6ea3aaaed8bfdc7b11358d5b090ee1687392438e553599db7b8065e6a4f46fc529d51 |
C:\Users\Admin\AppData\Local\Temp\RES472E.tmp
| MD5 | 3ca29012180bf3e18c6a77936226ce47 |
| SHA1 | 4dd6ff27772cd1cee8e03cf3f1c472776407880f |
| SHA256 | 9935ac6a2a3aef204ee388945272a6d6e16d9599740e87242dac3ca658d8e8d2 |
| SHA512 | fd5ffbf7955b26198fdbfe055815bb02a8495d17c45db3f0a71722c9c4e771f5895d831db0ea66809b47d877c55550c46be16952ac48025281fcbf9ce610d010 |
C:\Users\Admin\AppData\Local\Temp\RES473D.tmp
| MD5 | d9969353ce443e5922617a0968241958 |
| SHA1 | 7e83cce6df4729e7b192a3cb1a2f824860755e24 |
| SHA256 | 493b7739081d0b06f40c98f852e4e244a26a90ca115cce7a9204d47360608ae3 |
| SHA512 | 526ed2126c00eaf914638c9c46951e761437b2eb0a4ab52f96b7fb034e6420bf41e505b6dff3d7d030e4f1fc9111bfc563fbfcef0510d4eddba335f4b30adef3 |
\??\c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCFF2EB0A19848B3A841B35225F08F9A.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
memory/2976-687-0x0000000001120000-0x000000000112A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024311-2152-fx27lx.umvcw.jpg
| MD5 | 798109142156c471e4b1abce4974622b |
| SHA1 | 4ab34c0b767e717e5c40794ce1c8c6b5fd9f2075 |
| SHA256 | a2ecfc45b8f993ff326326187bf3570282a6888c3400ab9f205d721fc8702896 |
| SHA512 | a6b1cd599c0184ac297523687a29a0674ce56a6bc3c352e54967b2002ff8ecdb9e8fee11a4c25d97ae7861560321be051867bfcc7bfe7d5796d03b982abf954d |
memory/1540-713-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1540-708-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1444-707-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1448-715-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1448-722-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/768-728-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1444-703-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2976-700-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2212-699-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/688-698-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/768-731-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/3068-736-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1312-744-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2232-745-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1312-750-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2232-752-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1640-779-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1184-778-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2976-768-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2592-787-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2540-796-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2388-804-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2332-807-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2872-825-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/3068-826-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2340-827-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2584-832-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/656-836-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1840-837-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1840-844-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2584-840-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2724-852-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1128-856-0x0000000000100000-0x000000000010A000-memory.dmp
memory/1128-857-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1128-860-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2724-849-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2872-813-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1520-862-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2332-812-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1520-865-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2540-805-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2592-793-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2720-871-0x0000000000260000-0x000000000026A000-memory.dmp
memory/2388-795-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/668-872-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2720-877-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/1640-765-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/656-756-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1312-887-0x00000000010A0000-0x00000000010AA000-memory.dmp
memory/1312-888-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1312-891-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1684-894-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/1684-899-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2340-900-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2132-908-0x00000000011B0000-0x00000000011BA000-memory.dmp
memory/2132-909-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2792-906-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2132-912-0x000007FEF4250000-0x000007FEF4C3C000-memory.dmp
memory/2792-901-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2532-915-0x00000000013C0000-0x00000000013CA000-memory.dmp
memory/2532-916-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
memory/2532-920-0x000007FEF3860000-0x000007FEF424C000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win7-20240221-en
Max time kernel
118s
Max time network
132s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDEAC.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC71DCCF196AD442449D4720A0573BF1B.TMP"
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe
Network
Files
\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC71DCCF196AD442449D4720A0573BF1B.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RESDEAC.tmp
| MD5 | 74880ce1738add00fb680ce3599c53ca |
| SHA1 | 63b8827d46abf3a9c8d38a03bb117fe612a8564f |
| SHA256 | ffdfb62a547dec319ec1443ecaab2975ccf7970c613ae44073bc67c6a43ba340 |
| SHA512 | 475561e9b0db3b9361b36939ff3268b492f73c9d08752d0943e93d88d2dfbf4316f7c0f095a628aea24f4d766e4ccbba63e8dee7d3b906444553055d91bf5bbf |
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
| MD5 | e7b84e1ef4ea952e9d5a271e2bcdd66d |
| SHA1 | fe1875c3f747d6acd7808214a437fcf4fe57a2f8 |
| SHA256 | 66859df5e4468c9450f898d04de0302a44c0de2ef7817bf04ade132718fe7abb |
| SHA512 | a5a0fa1021819b5fc5c56021c012c878401b1bf5a9e5f672710228815bae47fea5a595d443f52af465f3e3c87b0c573a9ef4c6d54316f56dbcfda11790587bae |
memory/2332-8-0x0000000000BD0000-0x0000000000BDA000-memory.dmp
memory/2332-9-0x000007FEF6170000-0x000007FEF6B5C000-memory.dmp
memory/2332-10-0x000007FEF6170000-0x000007FEF6B5C000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
118s
Max time network
124s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2020 wrote to memory of 2360 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2020 wrote to memory of 2360 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2020 wrote to memory of 2360 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2020 -s 88
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
118s
Max time network
125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 224
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:39
Platform
win10v2004-20240226-en
Max time kernel
173s
Max time network
174s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa450946f8,0x7ffa45094708,0x7ffa45094718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12788872467214399116,7454101412066455125,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0764f5481d3c05f5d391a36463484b49 |
| SHA1 | 2c96194f04e768ac9d7134bc242808e4d8aeb149 |
| SHA256 | cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3 |
| SHA512 | a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224 |
\??\pipe\LOCAL\crashpad_2256_AEMEVHQVVSCWYYCN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e494d16e4b331d7fc483b3ae3b2e0973 |
| SHA1 | d13ca61b6404902b716f7b02f0070dec7f36edbf |
| SHA256 | a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165 |
| SHA512 | 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 97f478e704124d0bb85416a9176ed693 |
| SHA1 | d20ed95033b1f329198a0045ece2d5ada4708bff |
| SHA256 | cb87d0a0efc315bc9407b43b3b62143c195679537ccb234243a13550c92918ea |
| SHA512 | fa063a21470a21fb97289153e26e3ef1656f9a2af10eb6dcc5f7acc0dc80cdf1870deca60b62d8732834d2a969b1c7deeb396b7288ba96724f438d6a61e19a3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4dc9ba6c17041b9846cf48a8b2c45c73 |
| SHA1 | 1364cd086a70926d04fda1d810ebf1939c629b1a |
| SHA256 | ea3996b03e78ad8869ac623937b0113bcfe3895438eeaa38761607d97694b9cd |
| SHA512 | 814083b072c878562895ba5585badc4e751832c72a89f85e54ed3f5be19bf6dc62dfc4338f2775281a4783666669fc20e92c8e6f3a7990e0eda2e97565c3001c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5bb958b905b6fe46d20a2d5741ce0ee8 |
| SHA1 | 1288526ba0dc3d32b45b57b56145acc83197a0fb |
| SHA256 | 065edc4b2670d5415dadb8104166c6e3a98f47382093c81aa4cd1944a5c840da |
| SHA512 | 35e5cb6dcacc8b17e557f404e6ce07f70e0b93c4d8d0a6005da01a2dcde4c5cb65638ca317c6096af300116062e950a4aaefaad54842957e7727a1b65127605e |
Analysis: behavioral16
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1908 wrote to memory of 2576 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1908 wrote to memory of 2576 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1908 wrote to memory of 2576 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1908 -s 88
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20240221-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-04-11 08:34
Reported
2024-04-11 08:38
Platform
win7-20231129-en
Max time kernel
117s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1