Overview
overview
10Static
static
109c1a052b4f...c5.exe
windows7-x64
99c1a052b4f...c5.exe
windows10-2004-x64
9$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Ghostbane.exe
windows7-x64
10Ghostbane.exe
windows10-2004-x64
10LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/...dex.js
windows7-x64
1resources/...dex.js
windows10-2004-x64
1resources/....2.bat
windows7-x64
7resources/....2.bat
windows10-2004-x64
7resources/elevate.exe
windows7-x64
1resources/elevate.exe
windows10-2004-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...GL.dll
windows10-2004-x64
1swiftshade...v2.dll
windows7-x64
1swiftshade...v2.dll
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...7z.dll
windows7-x64
3Analysis
-
max time kernel
139s -
max time network
165s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
12-04-2024 01:26
Static task
static1
Behavioral task
behavioral1
Sample
9c1a052b4f6fbbe3c6437b3af2a3f93f2218b3c175073e7daeb6361f999a94c5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9c1a052b4f6fbbe3c6437b3af2a3f93f2218b3c175073e7daeb6361f999a94c5.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240319-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Ghostbane.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Ghostbane.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
ffmpeg.dll
Resource
win7-20240215-en
Behavioral task
behavioral13
Sample
ffmpeg.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral14
Sample
libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
libGLESv2.dll
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
resources/elevate.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
swiftshader/libEGL.dll
Resource
win7-20240215-en
Behavioral task
behavioral25
Sample
swiftshader/libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
swiftshader/libGLESv2.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
swiftshader/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
vk_swiftshader.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
vk_swiftshader.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral30
Sample
vulkan-1.dll
Resource
win7-20231129-en
Behavioral task
behavioral31
Sample
vulkan-1.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240221-en
General
-
Target
Ghostbane.exe
-
Size
133.4MB
-
MD5
21dcf914458e92f92928d52bd89470bf
-
SHA1
cfe743e325859af219cc91b3e375b9afed58a6a9
-
SHA256
c68227296b243230fa9cb2fc7a1d3eed54de34db04bf0a8fb6b7c04c77bf44c5
-
SHA512
c8ccfd2cbc84b227c89e95988c51ddec76d99dd7cb06460c01c999bbe65018cd51422d9a03efa327d7e31723e0745658e47da54950959ef4e4d8d8cc9e22272c
-
SSDEEP
1572864:42HVo9Ck+yOBBdJAVwlymAETslfp409t:G9Ctx3tu
Malware Config
Signatures
-
Detects executables referencing combination of virtualization drivers 1 IoCs
Processes:
resource yara_rule behavioral7/files/0x0030000000015d8c-6.dat INDICATOR_SUSPICIOUS_VM_Evasion_VirtDrvComb -
Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF Ghostbane.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo Ghostbane.exe -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Ghostbane.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ Ghostbane.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ Ghostbane.exe -
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions Ghostbane.exe -
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools Ghostbane.exe -
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
Ghostbane.exedescription ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Ghostbane.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Ghostbane.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate Ghostbane.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
Ghostbane.exeGhostbane.exedescription ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\International\Geo\Nation Ghostbane.exe Key value queried \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\International\Geo\Nation Ghostbane.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
Ghostbane.exedescription ioc Process Key opened \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\SOFTWARE\Wine Ghostbane.exe -
Loads dropped DLL 3 IoCs
Processes:
Ghostbane.exepid Process 2492 Ghostbane.exe 2492 Ghostbane.exe 2492 Ghostbane.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
reg.exedescription ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe" reg.exe -
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 5 ipinfo.io 6 ipinfo.io -
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.
Processes:
Ghostbane.exedescription ioc Process File opened (read-only) \??\VBoxMiniRdrDN Ghostbane.exe -
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
Processes:
tasklist.exetasklist.exepid Process 2096 tasklist.exe 1556 tasklist.exe -
Suspicious behavior: CmdExeWriteProcessMemorySpam 3 IoCs
Processes:
csc.execsc.execsc.exepid Process 2552 csc.exe 2436 csc.exe 2588 csc.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
Ghostbane.exeGhostbane.exeGhostbane.exepid Process 2492 Ghostbane.exe 3004 Ghostbane.exe 2120 Ghostbane.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
WMIC.exetasklist.exeWMIC.exedescription pid Process Token: SeIncreaseQuotaPrivilege 2540 WMIC.exe Token: SeSecurityPrivilege 2540 WMIC.exe Token: SeTakeOwnershipPrivilege 2540 WMIC.exe Token: SeLoadDriverPrivilege 2540 WMIC.exe Token: SeSystemProfilePrivilege 2540 WMIC.exe Token: SeSystemtimePrivilege 2540 WMIC.exe Token: SeProfSingleProcessPrivilege 2540 WMIC.exe Token: SeIncBasePriorityPrivilege 2540 WMIC.exe Token: SeCreatePagefilePrivilege 2540 WMIC.exe Token: SeBackupPrivilege 2540 WMIC.exe Token: SeRestorePrivilege 2540 WMIC.exe Token: SeShutdownPrivilege 2540 WMIC.exe Token: SeDebugPrivilege 2540 WMIC.exe Token: SeSystemEnvironmentPrivilege 2540 WMIC.exe Token: SeRemoteShutdownPrivilege 2540 WMIC.exe Token: SeUndockPrivilege 2540 WMIC.exe Token: SeManageVolumePrivilege 2540 WMIC.exe Token: 33 2540 WMIC.exe Token: 34 2540 WMIC.exe Token: 35 2540 WMIC.exe Token: SeIncreaseQuotaPrivilege 2540 WMIC.exe Token: SeSecurityPrivilege 2540 WMIC.exe Token: SeTakeOwnershipPrivilege 2540 WMIC.exe Token: SeLoadDriverPrivilege 2540 WMIC.exe Token: SeSystemProfilePrivilege 2540 WMIC.exe Token: SeSystemtimePrivilege 2540 WMIC.exe Token: SeProfSingleProcessPrivilege 2540 WMIC.exe Token: SeIncBasePriorityPrivilege 2540 WMIC.exe Token: SeCreatePagefilePrivilege 2540 WMIC.exe Token: SeBackupPrivilege 2540 WMIC.exe Token: SeRestorePrivilege 2540 WMIC.exe Token: SeShutdownPrivilege 2540 WMIC.exe Token: SeDebugPrivilege 2540 WMIC.exe Token: SeSystemEnvironmentPrivilege 2540 WMIC.exe Token: SeRemoteShutdownPrivilege 2540 WMIC.exe Token: SeUndockPrivilege 2540 WMIC.exe Token: SeManageVolumePrivilege 2540 WMIC.exe Token: 33 2540 WMIC.exe Token: 34 2540 WMIC.exe Token: 35 2540 WMIC.exe Token: SeDebugPrivilege 2096 tasklist.exe Token: SeIncreaseQuotaPrivilege 3036 WMIC.exe Token: SeSecurityPrivilege 3036 WMIC.exe Token: SeTakeOwnershipPrivilege 3036 WMIC.exe Token: SeLoadDriverPrivilege 3036 WMIC.exe Token: SeSystemProfilePrivilege 3036 WMIC.exe Token: SeSystemtimePrivilege 3036 WMIC.exe Token: SeProfSingleProcessPrivilege 3036 WMIC.exe Token: SeIncBasePriorityPrivilege 3036 WMIC.exe Token: SeCreatePagefilePrivilege 3036 WMIC.exe Token: SeBackupPrivilege 3036 WMIC.exe Token: SeRestorePrivilege 3036 WMIC.exe Token: SeShutdownPrivilege 3036 WMIC.exe Token: SeDebugPrivilege 3036 WMIC.exe Token: SeSystemEnvironmentPrivilege 3036 WMIC.exe Token: SeRemoteShutdownPrivilege 3036 WMIC.exe Token: SeUndockPrivilege 3036 WMIC.exe Token: SeManageVolumePrivilege 3036 WMIC.exe Token: 33 3036 WMIC.exe Token: 34 3036 WMIC.exe Token: 35 3036 WMIC.exe Token: SeIncreaseQuotaPrivilege 3036 WMIC.exe Token: SeSecurityPrivilege 3036 WMIC.exe Token: SeTakeOwnershipPrivilege 3036 WMIC.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
Ghostbane.exepid Process 2492 Ghostbane.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Ghostbane.execmd.execmd.exedescription pid Process procid_target PID 2492 wrote to memory of 2668 2492 Ghostbane.exe 28 PID 2492 wrote to memory of 2668 2492 Ghostbane.exe 28 PID 2492 wrote to memory of 2668 2492 Ghostbane.exe 28 PID 2668 wrote to memory of 2540 2668 cmd.exe 30 PID 2668 wrote to memory of 2540 2668 cmd.exe 30 PID 2668 wrote to memory of 2540 2668 cmd.exe 30 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 2688 2492 Ghostbane.exe 31 PID 2492 wrote to memory of 3004 2492 Ghostbane.exe 32 PID 2492 wrote to memory of 3004 2492 Ghostbane.exe 32 PID 2492 wrote to memory of 3004 2492 Ghostbane.exe 32 PID 2492 wrote to memory of 2120 2492 Ghostbane.exe 33 PID 2492 wrote to memory of 2120 2492 Ghostbane.exe 33 PID 2492 wrote to memory of 2120 2492 Ghostbane.exe 33 PID 2492 wrote to memory of 1312 2492 Ghostbane.exe 35 PID 2492 wrote to memory of 1312 2492 Ghostbane.exe 35 PID 2492 wrote to memory of 1312 2492 Ghostbane.exe 35 PID 2492 wrote to memory of 844 2492 Ghostbane.exe 36 PID 2492 wrote to memory of 844 2492 Ghostbane.exe 36 PID 2492 wrote to memory of 844 2492 Ghostbane.exe 36 PID 2492 wrote to memory of 1272 2492 Ghostbane.exe 37 PID 2492 wrote to memory of 1272 2492 Ghostbane.exe 37 PID 2492 wrote to memory of 1272 2492 Ghostbane.exe 37 PID 1312 wrote to memory of 1864 1312 cmd.exe 41 PID 1312 wrote to memory of 1864 1312 cmd.exe 41
Processes
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"1⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Loads dropped DLL
- Checks for VirtualBox DLLs, possible anti-VM trick
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2492 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"2⤵
- Suspicious use of WriteProcessMemory
PID:2668 -
C:\Windows\System32\Wbem\WMIC.exewmic CsProduct Get UUID3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2540
-
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=996,18223505519922659402,161612540894844819,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 /prefetch:22⤵PID:2688
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=996,18223505519922659402,161612540894844819,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=1288 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3004
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=996,18223505519922659402,161612540894844819,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1572 /prefetch:12⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2120
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""2⤵
- Suspicious use of WriteProcessMemory
PID:1312 -
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"3⤵PID:1864
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"2⤵PID:844
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath3⤵PID:2256
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵PID:1272
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2096
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"2⤵PID:2276
-
C:\Windows\System32\Wbem\WMIC.exewmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"2⤵PID:2248
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_VideoController get name3⤵
- Detects videocard installed
PID:1916
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"2⤵PID:1184
-
C:\Windows\system32\cmd.execmd /c chcp 650013⤵PID:2008
-
C:\Windows\system32\chcp.comchcp 650014⤵PID:432
-
-
-
C:\Windows\system32\netsh.exenetsh wlan show profiles3⤵PID:2304
-
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=996,18223505519922659402,161612540894844819,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 /prefetch:22⤵PID:2160
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1n0gd4e.aeudj.jpg" "2⤵PID:2844
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2552 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC776.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC5D6F7217FD204877865DA758E4B1085.TMP"4⤵PID:1200
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"2⤵PID:872
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f3⤵
- Adds Run key to start application
PID:1592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "tasklist"2⤵PID:2848
-
C:\Windows\system32\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
PID:1556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-rsy1pl.22ojk.jpg" "2⤵PID:1892
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2436 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC778.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC526CEC1745AE4811854ADA77AAD04D.TMP"4⤵PID:1620
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=gpu-process --field-trial-handle=996,18223505519922659402,161612540894844819,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2408 /prefetch:22⤵PID:2512
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1aj8lkf.ciroi.jpg" "2⤵PID:1472
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2588 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC774.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC59DFE27AB1704E24A55C2756F512C2A3.TMP"4⤵PID:2388
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-rcxxs3.6z7o.jpg" "2⤵PID:2560
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2808
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC777.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCDB4AEAB85A39417F9856A0DEC46B1E3A.TMP"4⤵PID:2432
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe"C:\Users\Admin\AppData\Local\Temp\Ghostbane.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=996,18223505519922659402,161612540894844819,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Ghostbane" --mojo-platform-channel-handle=1700 /prefetch:82⤵PID:1632
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-d19vbs.ohle9.jpg" "2⤵PID:2288
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2276
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBA1B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC24D5593AAC79419B96AF27D183D0F028.TMP"4⤵PID:2832
-
-
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-d19vbs.ohle9.jpg"3⤵PID:3208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ds5kan.350bl.jpg" "2⤵PID:328
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1796
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC775.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC6C984D123C634A0E8C9E1264E93EB86A.TMP"4⤵PID:1600
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1gr84zs.efspe.jpg" "2⤵PID:892
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2296
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC779.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC69E4253FABE48DCA9D9C311EDD49B16.TMP"4⤵PID:2668
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-pjleoz.p9evq.jpg" "2⤵PID:332
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:820
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF3B2.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC7440698BDAED4151B2559583AFE63F.TMP"4⤵PID:1220
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1h9drcs.k17y.jpg" "2⤵PID:396
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1380
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF19F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC42ED0218B3148EBAF15CC67B1BAAACF.TMP"4⤵PID:1812
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-vb2qsn.dy3bj.jpg" "2⤵PID:2308
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:844
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF789.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBB227794F6AD44819F18719EF3F979C1.TMP"4⤵PID:2456
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-130p6rs.0dv5.jpg" "2⤵PID:1184
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1864
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF45D.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC6CD4A23C615E41AA86E13F793B0CBE.TMP"4⤵PID:2220
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1b60a0c.35plf.jpg" "2⤵PID:1536
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2860
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF788.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCBF8F1A46FC5E488791D81FB8C1DBEF8.TMP"4⤵PID:2520
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1oj11q7.xz4c.jpg" "2⤵PID:940
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:924
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF3A2.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC959BD40BB764DA7B3A9113584DAFDB4.TMP"4⤵PID:2664
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1rf8vn3.loblf.jpg" "2⤵PID:2024
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1868
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2D86.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC1E03C699AFB147608C7AFF505862DF55.TMP"4⤵PID:3432
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-njqp5h.utgc.jpg" "2⤵PID:288
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2744
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5D7B.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC9CC5ACC7BC6441A19360DD3F92C7CF5E.TMP"4⤵PID:4660
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-tqry5z.y2na.jpg" "2⤵PID:2968
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2700
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2B54.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC23C0CFF4B2D745DA8FEB45CE2FB9B0.TMP"4⤵PID:3220
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-5q1lcn.lllnu.jpg" "2⤵PID:800
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1688
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES22EC.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCE2A9E164B7B84E7EB75C18B1227DE257.TMP"4⤵PID:3776
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1dsb4ii.z2rjf.jpg" "2⤵PID:1680
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1996
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3266.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC85E797E48F774E368D18D43219F811F1.TMP"4⤵PID:1220
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-gxt1rq.iqv1o.jpg" "2⤵PID:2548
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2616
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5C63.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCF2729A4CBCBE4746881B4B32B874B961.TMP"4⤵PID:4596
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1dan43k.kaca.jpg" "2⤵PID:2848
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2484
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES21F2.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCAADD3AD76B8E45E088ED5CDDEF185E3.TMP"4⤵PID:3768
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1y5pof5.zbb9j.jpg" "2⤵PID:1748
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:1704
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2C1F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC30787F04164CCB9D611AC55A59320.TMP"4⤵PID:3204
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-3hsadg.stu3g.jpg" "2⤵PID:2468
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-3hsadg.stu3g.jpg"3⤵PID:4052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1d9x30k.ppft.jpg" "2⤵PID:2732
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1d9x30k.ppft.jpg"3⤵PID:3076
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1uje1ly.mabtl.jpg" "2⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1uje1ly.mabtl.jpg"3⤵PID:3092
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-fybxlb.b8ivb.jpg" "2⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-fybxlb.b8ivb.jpg"3⤵PID:3120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ksdpv9.7por.jpg" "2⤵PID:1364
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ksdpv9.7por.jpg"3⤵PID:3108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1v5u2a8.pdpi.jpg" "2⤵PID:1740
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1v5u2a8.pdpi.jpg"3⤵PID:3128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ejsgly.nwzo5.jpg" "2⤵PID:680
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ejsgly.nwzo5.jpg"3⤵PID:3332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1qrts1.fgl1l.jpg" "2⤵PID:896
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1qrts1.fgl1l.jpg"3⤵PID:2276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qe3u1n.awr2.jpg" "2⤵PID:2108
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qe3u1n.awr2.jpg"3⤵PID:3300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-jdyc9u.f2es.jpg" "2⤵PID:872
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-jdyc9u.f2es.jpg"3⤵PID:3184
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-156v1nm.kbiq.jpg" "2⤵PID:2440
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-156v1nm.kbiq.jpg"3⤵PID:3136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1mvjq4s.7dd5.jpg" "2⤵PID:1488
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1mvjq4s.7dd5.jpg"3⤵PID:3192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1dedsyt.mezk.jpg" "2⤵PID:2944
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"3⤵PID:2660
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1FEF.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC638607BCE9704B018D67E4277F32BBCB.TMP"4⤵PID:3760
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1orqe7v.hmrx.jpg" "2⤵PID:1508
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1orqe7v.hmrx.jpg"3⤵PID:3844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1r8rfh2.rjl4.jpg" "2⤵PID:1096
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1r8rfh2.rjl4.jpg"3⤵PID:3872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-10dnlh4.xesh.jpg" "2⤵PID:760
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-10dnlh4.xesh.jpg"3⤵PID:3828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1glw2ij.ton4h.jpg" "2⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1glw2ij.ton4h.jpg"3⤵PID:3864
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-8ze3i6.t2tb.jpg" "2⤵PID:1476
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-8ze3i6.t2tb.jpg"3⤵PID:3292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1behqi7.cumng.jpg" "2⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1behqi7.cumng.jpg"3⤵PID:3248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1aecnks.44j5.jpg" "2⤵PID:2200
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1aecnks.44j5.jpg"3⤵PID:3916
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1dfuirk.id19.jpg" "2⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1dfuirk.id19.jpg"3⤵PID:3956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-7rg6ji.v9wyl.jpg" "2⤵PID:1584
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-7rg6ji.v9wyl.jpg"3⤵PID:3948
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-pq66ej.v6v0j.jpg" "2⤵PID:1552
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-pq66ej.v6v0j.jpg"3⤵PID:3940
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1cvnw8f.u72v.jpg" "2⤵PID:320
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1cvnw8f.u72v.jpg"3⤵PID:3924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-29z0sq.aqh5q.jpg" "2⤵PID:3156
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-29z0sq.aqh5q.jpg"3⤵PID:3932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-3c910p.6ifdv.jpg" "2⤵PID:3252
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-3c910p.6ifdv.jpg"3⤵PID:3260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1rvcczp.3jt2.jpg" "2⤵PID:3356
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1rvcczp.3jt2.jpg"3⤵PID:3236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ybci04.5teoi.jpg" "2⤵PID:3448
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ybci04.5teoi.jpg"3⤵PID:3228
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-4sgfmi.qmoe5.jpg" "2⤵PID:3520
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-4sgfmi.qmoe5.jpg"3⤵PID:3244
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1mclab6.ab5ij.jpg" "2⤵PID:3624
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1mclab6.ab5ij.jpg"3⤵PID:3308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-759k8m.kjjbe.jpg" "2⤵PID:3656
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-759k8m.kjjbe.jpg"3⤵PID:3340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-r43y39.e5ci.jpg" "2⤵PID:3664
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-r43y39.e5ci.jpg"3⤵PID:3816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qh279r.4jiv.jpg" "2⤵PID:3684
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qh279r.4jiv.jpg"3⤵PID:2456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-r3ike7.xriac.jpg" "2⤵PID:3696
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-r3ike7.xriac.jpg"3⤵PID:3400
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1agenn8.crlx.jpg" "2⤵PID:3712
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1agenn8.crlx.jpg"3⤵PID:3404
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-b1w6gz.4w75k.jpg" "2⤵PID:3740
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-b1w6gz.4w75k.jpg"3⤵PID:3408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1hzkqkl.c9e3l.jpg" "2⤵PID:3784
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1hzkqkl.c9e3l.jpg"3⤵PID:3752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12exom7.f1kj.jpg" "2⤵PID:3792
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12exom7.f1kj.jpg"3⤵PID:3428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1kclv60.x9eg.jpg" "2⤵PID:3820
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1kclv60.x9eg.jpg"3⤵PID:2996
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-29lwur.m2hjq.jpg" "2⤵PID:3856
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-29lwur.m2hjq.jpg"3⤵PID:3344
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-e33gmc.y3yvr.jpg" "2⤵PID:2080
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-e33gmc.y3yvr.jpg"3⤵PID:3536
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-wyupi1.hkins.jpg" "2⤵PID:1296
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-wyupi1.hkins.jpg"3⤵PID:2600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-gq6p69.q1c5c.jpg" "2⤵PID:3460
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-gq6p69.q1c5c.jpg"3⤵PID:4116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1htkj6f.raj2.jpg" "2⤵PID:2668
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1htkj6f.raj2.jpg"3⤵PID:4216
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-15ecm36.1dif.jpg" "2⤵PID:1796
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-15ecm36.1dif.jpg"3⤵PID:4428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-a5ub4x.uvl8.jpg" "2⤵PID:2568
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-a5ub4x.uvl8.jpg"3⤵PID:4308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1i4l4o6.038u.jpg" "2⤵PID:2540
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1i4l4o6.038u.jpg"3⤵PID:4300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-9t6etm.vgwo.jpg" "2⤵PID:1708
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-9t6etm.vgwo.jpg"3⤵PID:4276
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-81nzei.diti.jpg" "2⤵PID:1520
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-81nzei.diti.jpg"3⤵PID:4316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-2i429a.9bjg2.jpg" "2⤵PID:2248
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-2i429a.9bjg2.jpg"3⤵PID:4332
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-16m3di1.vd18.jpg" "2⤵PID:2000
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-16m3di1.vd18.jpg"3⤵PID:4324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1uele68.j76n.jpg" "2⤵PID:2880
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1uele68.j76n.jpg"3⤵PID:4340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-sybdby.6sfz.jpg" "2⤵PID:4180
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-sybdby.6sfz.jpg"3⤵PID:4404
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1xoo0l5.c4joi.jpg" "2⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1xoo0l5.c4joi.jpg"3⤵PID:4460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-u7ftvk.9qrj.jpg" "2⤵PID:4392
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-u7ftvk.9qrj.jpg"3⤵PID:4616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ukaqr8.q2z7.jpg" "2⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ukaqr8.q2z7.jpg"3⤵PID:4668
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-glcoz7.fq93.jpg" "2⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-glcoz7.fq93.jpg"3⤵PID:4632
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-l4twz8.idz0f.jpg" "2⤵PID:4692
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-l4twz8.idz0f.jpg"3⤵PID:4740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1unp0cw.pqxs.jpg" "2⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1unp0cw.pqxs.jpg"3⤵PID:4844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-wboqz6.6d0t.jpg" "2⤵PID:4876
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-wboqz6.6d0t.jpg"3⤵PID:4952
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1hvjxce.4w3c.jpg" "2⤵PID:4916
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1hvjxce.4w3c.jpg"3⤵PID:1372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-16lv3hb.a1ca.jpg" "2⤵PID:4988
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-16lv3hb.a1ca.jpg"3⤵PID:3924
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-tiy6as.kstp.jpg" "2⤵PID:5012
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-tiy6as.kstp.jpg"3⤵PID:4164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1etasne.k8no.jpg" "2⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1etasne.k8no.jpg"3⤵PID:4400
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1o8klxl.n7hj.jpg" "2⤵PID:5048
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1o8klxl.n7hj.jpg"3⤵PID:1968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-yrizf.ilewwh.jpg" "2⤵PID:5088
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-yrizf.ilewwh.jpg"3⤵PID:844
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qdahor.tt7g.jpg" "2⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qdahor.tt7g.jpg"3⤵PID:2868
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-w89oi9.pv3a.jpg" "2⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-w89oi9.pv3a.jpg"3⤵PID:2304
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ny87vr.dk0w.jpg" "2⤵PID:1792
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ny87vr.dk0w.jpg"3⤵PID:2272
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1olgzjh.qaqt.jpg" "2⤵PID:4100
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1olgzjh.qaqt.jpg"3⤵PID:4628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-gtxw8u.pwxxb.jpg" "2⤵PID:4452
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-gtxw8u.pwxxb.jpg"3⤵PID:3132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-t007bx.ksc2o.jpg" "2⤵PID:1228
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-t007bx.ksc2o.jpg"3⤵PID:4764
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-136m6r7.61py.jpg" "2⤵PID:4444
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-136m6r7.61py.jpg"3⤵PID:4788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-19s4vpe.5v4t.jpg" "2⤵PID:924
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-19s4vpe.5v4t.jpg"3⤵PID:2592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1z0zfop.cr6x.jpg" "2⤵PID:4700
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1z0zfop.cr6x.jpg"3⤵PID:5452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1tfmjxe.ok6b.jpg" "2⤵PID:2204
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1tfmjxe.ok6b.jpg"3⤵PID:4624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1wumml5.3ebi.jpg" "2⤵PID:3480
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1wumml5.3ebi.jpg"3⤵PID:1108
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-b8nn1z.w54zf.jpg" "2⤵PID:1668
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-b8nn1z.w54zf.jpg"3⤵PID:3856
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12v9aka.ehbw.jpg" "2⤵PID:3864
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12v9aka.ehbw.jpg"3⤵PID:432
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-w0r0z4.vmjs9.jpg" "2⤵PID:3272
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-w0r0z4.vmjs9.jpg"3⤵PID:4944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-hmh30i.xa4aj.jpg" "2⤵PID:4932
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-hmh30i.xa4aj.jpg"3⤵PID:3888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-l12gpb.bq0qh.jpg" "2⤵PID:4864
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-l12gpb.bq0qh.jpg"3⤵PID:3552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-f5yrgm.suex.jpg" "2⤵PID:5040
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-f5yrgm.suex.jpg"3⤵PID:296
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-hbstqf.4uiwq.jpg" "2⤵PID:4900
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-hbstqf.4uiwq.jpg"3⤵PID:396
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-10pw00q.3q7q.jpg" "2⤵PID:5068
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-10pw00q.3q7q.jpg"3⤵PID:4760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-10yj727.4xdm.jpg" "2⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-10yj727.4xdm.jpg"3⤵PID:4756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-40hezj.5ref6.jpg" "2⤵PID:1096
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-40hezj.5ref6.jpg"3⤵PID:1880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1l6ngqz.pegq.jpg" "2⤵PID:1064
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1l6ngqz.pegq.jpg"3⤵PID:1048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-evpnfw.mg5r.jpg" "2⤵PID:4212
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-evpnfw.mg5r.jpg"3⤵PID:2388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-hk8ayy.w5uvo.jpg" "2⤵PID:3992
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-hk8ayy.w5uvo.jpg"3⤵PID:2268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ajehy3.mlt1k.jpg" "2⤵PID:584
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ajehy3.mlt1k.jpg"3⤵PID:3920
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1yd1vwr.swtv.jpg" "2⤵PID:3932
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1yd1vwr.swtv.jpg"3⤵PID:1596
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1vd387m.slcf.jpg" "2⤵PID:3532
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1vd387m.slcf.jpg"3⤵PID:3312
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12ok7wp.fg1ll.jpg" "2⤵PID:4584
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12ok7wp.fg1ll.jpg"3⤵PID:4812
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-zesah9.ho2w.jpg" "2⤵PID:1908
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-zesah9.ho2w.jpg"3⤵PID:5072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-se5lpi.9n6q.jpg" "2⤵PID:3060
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-171xkhy.r9x4.jpg" "2⤵PID:988
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-171xkhy.r9x4.jpg"3⤵PID:5460
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1uj3rqe.ftea.jpg" "2⤵PID:3604
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1uj3rqe.ftea.jpg"3⤵PID:3292
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1qrjxgu.p2ef.jpg" "2⤵PID:3612
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1qrjxgu.p2ef.jpg"3⤵PID:3264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-17hifqb.kca1l.jpg" "2⤵PID:3644
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ewu6c4.w3msf.jpg" "2⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ewu6c4.w3msf.jpg"3⤵PID:4288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-lh7366.dgkap.jpg" "2⤵PID:3684
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-143javq.4z12.jpg" "2⤵PID:3112
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-143javq.4z12.jpg"3⤵PID:3360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-v1fk9x.e7xji.jpg" "2⤵PID:4980
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-11sf65r.tg2q.jpg" "2⤵PID:3168
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-11sf65r.tg2q.jpg"3⤵PID:3912
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ypjfp2.wt77e.jpg" "2⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ypjfp2.wt77e.jpg"3⤵PID:3824
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1i4tmr1.di7fi.jpg" "2⤵PID:3528
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1tz07fs.jy9u.jpg" "2⤵PID:1876
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1tz07fs.jy9u.jpg"3⤵PID:5336
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-d52cck.0savs.jpg" "2⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-d52cck.0savs.jpg"3⤵PID:5344
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1fjxmgn.nwwk.jpg" "2⤵PID:3456
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1fjxmgn.nwwk.jpg"3⤵PID:5352
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-14b1ngw.o062.jpg" "2⤵PID:5132
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-14b1ngw.o062.jpg"3⤵PID:5360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1671qw2.7i7k.jpg" "2⤵PID:5148
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1671qw2.7i7k.jpg"3⤵PID:5368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-yjqsq4.nwl4c.jpg" "2⤵PID:5268
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-yjqsq4.nwl4c.jpg"3⤵PID:4716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-b62mca.mo9bk.jpg" "2⤵PID:5276
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1cyvqh6.hzh8.jpg" "2⤵PID:5476
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-9h4l85.7k8aq.jpg" "2⤵PID:5512
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-f4zioa.nxx7w.jpg" "2⤵PID:5532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1kj1whr.66fe.jpg" "2⤵PID:5548
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-59why5.dzxpf.jpg" "2⤵PID:5568
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-cv6ktq.r3y46.jpg" "2⤵PID:5588
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1sym48.q42sj.jpg" "2⤵PID:5604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-165xldr.bhn5g.jpg" "2⤵PID:5624
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ymfe1s.w1zg.jpg" "2⤵PID:5656
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1qvj09k.u21d.jpg" "2⤵PID:5676
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ywqg90.lkfhc.jpg" "2⤵PID:5692
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ywqg90.lkfhc.jpg"3⤵PID:4132
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-dtxw0u.5c9hu.jpg" "2⤵PID:5712
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-dtxw0u.5c9hu.jpg"3⤵PID:5324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1hnpi0h.rjqr.jpg" "2⤵PID:3908
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-8exo5m.xh5gt.jpg" "2⤵PID:5496
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1a7g868.yyc7.jpg" "2⤵PID:4144
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-l0jsdq.54n2.jpg" "2⤵PID:3080
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ocaz17.8p6um.jpg" "2⤵PID:6644
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-ocaz17.8p6um.jpg"3⤵PID:3776
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-9eplgg.t7jrh.jpg" "2⤵PID:6652
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1ql0ant.o5yp.jpg" "2⤵PID:4616
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-pyofgl.b43d.jpg" "2⤵PID:4576
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-75dqoc.ozusy.jpg" "2⤵PID:2712
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-6lc04o.5nib3.jpg" "2⤵PID:6472
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-nle9k8.t1j1.jpg" "2⤵PID:6640
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-nle9k8.t1j1.jpg"3⤵PID:5528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1houl9l.hjob.jpg" "2⤵PID:3300
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1houl9l.hjob.jpg"3⤵PID:4268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-fxo0ks.6b7t.jpg" "2⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-fxo0ks.6b7t.jpg"3⤵PID:604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-u925gs.tq86.jpg" "2⤵PID:3784
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-u925gs.tq86.jpg"3⤵PID:1164
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1rqyb8k.b9uo.jpg" "2⤵PID:6400
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1rqyb8k.b9uo.jpg"3⤵PID:4820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1sch6u7.d5m1.jpg" "2⤵PID:4412
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1sch6u7.d5m1.jpg"3⤵PID:4544
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-suj9ho.mwhm.jpg" "2⤵PID:1156
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-suj9ho.mwhm.jpg"3⤵PID:4824
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1lk64s.nempb.jpg" "2⤵PID:4332
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1lk64s.nempb.jpg"3⤵PID:2652
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-qqgiyt.rcxdb.jpg" "2⤵PID:2976
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-vj3609.gjjx.jpg" "2⤵PID:2428
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1xplt5l.9trh.jpg" "2⤵PID:2332
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-m6k89c.qvzpc.jpg" "2⤵PID:2080
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-c0833m.3en4.jpg" "2⤵PID:7352
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024312-2492-lyx5jz.ntw17.jpg" "2⤵PID:7368
-
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-1c0i2fk.zppek.jpg"1⤵PID:4376
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-rsh9gb.cxq0r.jpg"1⤵PID:6200
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-12qldp.svy6j.jpg"1⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-9muoxa.6yl7.jpg"1⤵PID:6292
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-17wj6pc.2w1u.jpg"1⤵PID:3988
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-zdlxwe.ejx6n.jpg"1⤵PID:6964
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-11fv76a.xdpk.jpg"1⤵PID:6744
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-omqmkv.4qwg8.jpg"1⤵PID:4236
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-tnjbny.g7z8.jpg"1⤵PID:6920
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-otch8h.8k2f.jpg"1⤵PID:4488
-
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exescreenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024312-2492-3qk8zj.rd9il.jpg"1⤵PID:5824
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD5e0a3f6c161cfb321d6586a8856a7b2c6
SHA1c1e686b34205dff903a8e4be1beca8f05fcfe536
SHA256a9b602cb6fef293791b61a09b910809377766775064dcc6b43bdfe91cd0bf8c1
SHA5123a4536b8c5a614942c0c5f473272820a13ee438eeb0dcc72fcfd5a2cd14b395209cc9f2297ddcd9966f2c2ab8771e669e1b966651f71d98bf33513f8558d52de
-
Filesize
1KB
MD58e4794231d1dd67ce5341edc68a739d6
SHA15f5c7679e006b6625f2a4b219cd5d4c496e72054
SHA2560275bfe9424de4f034e0dac4cc3f0269696e5b7d2fb16681ea77af5f92734a88
SHA512079ad8bb9c490b9bc1e4fe56f80a78b9e82fbf564df7241dc75028b482370d284d75abcc977d27c24cdd0eb6cff728e5200f52428063a239a7880b5bccb6f09d
-
Filesize
1KB
MD5dd19e97db626e711cac9913e34913340
SHA1ad5fca917c5179e5e81776894d612d5051882af5
SHA256efb6e6662ad19e6a94f3398b0dc13212ffaddbe617698985c0ca29e391a80dfe
SHA5124e0355028ec99190259bd3568ebde677dbbecbfcdffeba44c8ddba7fac43014daf80bf5eb696e0e2b8ce1a475c1f3daccd0839745bd4494d94b8b131d1474455
-
Filesize
1KB
MD5a679f930ae4031b632d2648d550e000b
SHA1865686073adfe4ae0635f17694c69eff30534325
SHA256b40d0144ad533e8e01261a642d16a8bb5de303bc270ec702fccde075b7dc6c4a
SHA512de011e27fc47135f89d29f6128bbd6005fc37614e3e95471b45e21762c993f71cfbc4641052b5750c0ff0d0699bcd6732e9379a43d5f8dff11473d4699db4527
-
Filesize
1KB
MD56d30676b93be639f4b03a7022e55d901
SHA1083d17f8c817430a18e97b1c77780c13cd2017cf
SHA25634e83484fc4dab72bdfb715b80326e639c0e93b93a86d81035fcf0728d74b8eb
SHA512e7682ad39ca6bac9f8c529bdf4effc5fe80fd3ee1e3c4ed0d64195eaac8716e4715d7b640d28caf89656e177d4b147c0851c6d477cf2efa92ac5ae9a1079580e
-
Filesize
1KB
MD5a8f126697da79e8b2f77639259bbc719
SHA11285b8805f18eb22784deb2faba5da96b98770a4
SHA256d84dcd6080055610a83c2e1a485ab0fb467a2bfbddc3bcedcd7253931a73f29b
SHA512c5622b93a89f63708a56c81ce70f89747a993ca8c52309bd19f9db34e130235d19d8341540d16997b830594c62f772c34ea23d0af6357cd21d23197b33f6859c
-
Filesize
1KB
MD5a72f21f06f9323d85fb958c82678c25f
SHA1eacc91fbf4ea4c58af3a6f6f930e0698de318124
SHA2568c293da88ed3afe812723fe3cd55bdc4ebcf68bdf819c8cccff5ffb662c56114
SHA5125dfb53aaddffdc09e6acbc8d38b357088a592cdf969ebf036d532db914c373cd52134d2a046c42111e0cec3e671fc7489b5c36a3d33238dff146d5d72efd539e
-
Filesize
240B
MD5810ae82f863a5ffae14d3b3944252a4e
SHA15393e27113753191436b14f0cafa8acabcfe6b2a
SHA256453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c
SHA5122421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112
-
Filesize
231B
MD5dec2be4f1ec3592cea668aa279e7cc9b
SHA1327cf8ab0c895e10674e00ea7f437784bb11d718
SHA256753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc
SHA51281728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66
-
Filesize
1KB
MD5a6f2d21624678f54a2abed46e9f3ab17
SHA1a2a6f07684c79719007d434cbd1cd2164565734a
SHA256ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344
SHA5120b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676
-
Filesize
13KB
MD5da0f40d84d72ae3e9324ad9a040a2e58
SHA14ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA51230b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
-
Filesize
12KB
MD5c4c5118116860e39a2f3e5e67073f07c
SHA1d9d4e88931832f7e64f9efc462272a7f1677d4da
SHA25658feb3e1cee0756fcdb1a3daec78c1ab7660794ff1aca761c5d01a17527bf934
SHA5124170875439788c089b290401eebf43ca988578aa187ada140d63cd82229039c275ce1e1a2c028cb21f103c152503fc57c35b16b6d629bc0a6c0a0f7a07b1834c
-
Filesize
350B
MD58951565428aa6644f1505edb592ab38f
SHA19c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA2568814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA5127577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5
-
Filesize
2.7MB
MD5d4e6004197508892d18fc47645b25f62
SHA11afceda2531e593c00de7ab994f928a150de5b4d
SHA256dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c
SHA5120be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4
-
Filesize
163KB
MD5f1e751eb4dbfa4a1b5f4903315fc535a
SHA185e1166819678f839954c473d7eb363a99e24a96
SHA256b8c24de2fa870ceb677f30da0eabdf20745d0a9ebed98f49c52d881383c75096
SHA5122349745a84bc2b2f9c2b96999d48e37242a6c3627d7898cd9a36e682e36ec12553713db7167b3a9cd20ec308ce11d84f09f06beb3e971823d8b4a959f457b182
-
Filesize
652KB
MD5e4c111d47eb54b62dab8cb12540b9e39
SHA109be3e7d9eec1853dc628c8c3b90e7b670921029
SHA256a05338fe1e0eb08230717ad2f3587a5c1cb4bd10a673c40a3059f70ae0e7e6b1
SHA512f9ec1e62c08425382b48320d2fb1a7fa412dea84825cc49b0297d5c6cfdcb80f32c54de28ac59e7a4c7557ae9900a8d3860fc7d23e486bcc28e603787d9f0f79