epsilon | 85c79154a095574cbcba3c202050244f92768fd92837340f208472b50938f8d2

Analysis

max time kernel
1277s
max time network
1594s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
15/04/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

amazing-game.html
Size

21KB
MD5

5c43ff6d41b101f650e5a7f08f3cc6fd
SHA1

987423c597ac8f56c8b48352a70aca956d386f52
SHA256

85c79154a095574cbcba3c202050244f92768fd92837340f208472b50938f8d2
SHA512

7f0488771680d3fee1111fbed0f50c880c3d1d2995be52fd09a8ae714d61d58aba40af9f6484aa29625e20e661f3004a29cdb8691fc08488ae2fb05da415d83c
SSDEEP

384:bHc1Krf2+iD57im8RY0kufRZdldjiQi6K8XhDJNSJBfnW2KoA52T/dCdlONpRZdc:bHc1Krf2+iD5ObeGKs5JoJZyoA52T/do

Score

10^/10

epsilon discovery evasion persistence spyware stealer

Malware Config

Signatures

Epsilon Stealer
Information stealer.
stealer epsilon

Enumerates VirtualBox registry keys 2 TTPs 5 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo	UnityLibraryLinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest	UnityLibraryLinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse	UnityLibraryLinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService	UnityLibraryLinker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF	UnityLibraryLinker.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	UnityLibraryLinker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__	UnityLibraryLinker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__	UnityLibraryLinker.exe

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	UnityLibraryLinker.exe

Downloads MZ/PE file

Looks for VMWare Tools registry key 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools	UnityLibraryLinker.exe

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	UnityLibraryLinker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	UnityLibraryLinker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	UnityLibraryLinker.exe

Executes dropped EXE 31 IoCs

pid	Process
1664	DiscordSetup.exe
2592	Update.exe
1996	Discord.exe
1948	Discord.exe
3412	Update.exe
424	Discord.exe
1172	Discord.exe
2080	Update.exe
4864	UnityLibraryLinker.exe
3920	UnityLibraryLinker.exe
1172	UnityLibraryLinker.exe
864	UnityLibraryLinker.exe
1580	UnityLibraryLinker.exe
1992	Discord.exe
2512	Discord.exe
2944	Discord.exe
4932	Discord.exe
2316	Discord.exe
2508	Discord.exe
2784	UnityLibraryLinker.exe
5352	screenCapture_1.3.2.exe
5416	screenCapture_1.3.2.exe
3624	screenCapture_1.3.2.exe
5536	screenCapture_1.3.2.exe
4560	screenCapture_1.3.2.exe
3524	screenCapture_1.3.2.exe
1176	screenCapture_1.3.2.exe
4904	screenCapture_1.3.2.exe
3552	screenCapture_1.3.2.exe
6288	Discord.exe
7424	Discord.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000\SOFTWARE\Wine	UnityLibraryLinker.exe

Loads dropped DLL 37 IoCs

pid	Process
1996	Discord.exe
1948	Discord.exe
1172	Discord.exe
424	Discord.exe
424	Discord.exe
424	Discord.exe
424	Discord.exe
424	Discord.exe
4864	UnityLibraryLinker.exe
4864	UnityLibraryLinker.exe
4864	UnityLibraryLinker.exe
3920	UnityLibraryLinker.exe
3920	UnityLibraryLinker.exe
3920	UnityLibraryLinker.exe
864	UnityLibraryLinker.exe
1172	UnityLibraryLinker.exe
1172	UnityLibraryLinker.exe
1172	UnityLibraryLinker.exe
1172	UnityLibraryLinker.exe
1580	UnityLibraryLinker.exe
3920	UnityLibraryLinker.exe
1992	Discord.exe
2512	Discord.exe
1992	Discord.exe
2944	Discord.exe
4932	Discord.exe
2944	Discord.exe
2944	Discord.exe
2944	Discord.exe
2944	Discord.exe
2316	Discord.exe
2508	Discord.exe
2316	Discord.exe
2316	Discord.exe
2784	UnityLibraryLinker.exe
6288	Discord.exe
7424	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsUpdater.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
18	discord.com
59	discord.com
309	discord.com
680	discord.com
684	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
102	ipinfo.io
103	ipinfo.io

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	UnityLibraryLinker.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1448	WMIC.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
3624	tasklist.exe
2424	tasklist.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1912	taskkill.exe
3444	taskkill.exe
4216	taskkill.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9041\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9041\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\shell\open\command	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\shell\open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9041\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9041\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\URL Protocol	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-8492748-3358837828-1435473090-1000_Classes\Discord\URL Protocol	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry

T1112

pid	Process
4768	reg.exe
3860	reg.exe
3552	reg.exe
4760	reg.exe
4912	reg.exe
2740	reg.exe
3132	reg.exe
4688	reg.exe
2936	reg.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\AmazingGame.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 745605.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2660	Winword.exe
2660	Winword.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
244	msedge.exe
244	msedge.exe
2084	identity_helper.exe
2084	identity_helper.exe
2112	msedge.exe
2112	msedge.exe
3032	msedge.exe
3032	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3528	msedge.exe
3528	msedge.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
1996	Discord.exe
3920	UnityLibraryLinker.exe
3920	UnityLibraryLinker.exe
864	UnityLibraryLinker.exe
864	UnityLibraryLinker.exe
1580	UnityLibraryLinker.exe
1580	UnityLibraryLinker.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
2316	Discord.exe
2316	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
7424	Discord.exe
7424	Discord.exe
7424	Discord.exe
7424	Discord.exe
7424	Discord.exe
7424	Discord.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4680	OpenWith.exe
3352	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1996	Discord.exe
Token: SeCreatePagefilePrivilege	1996	Discord.exe
Token: SeShutdownPrivilege	1996	Discord.exe
Token: SeCreatePagefilePrivilege	1996	Discord.exe
Token: 33	1632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1632	AUDIODG.EXE
Token: SeSecurityPrivilege	4864	UnityLibraryLinker.exe
Token: SeShutdownPrivilege	3920	UnityLibraryLinker.exe
Token: SeCreatePagefilePrivilege	3920	UnityLibraryLinker.exe
Token: SeIncreaseQuotaPrivilege	4960	WMIC.exe
Token: SeSecurityPrivilege	4960	WMIC.exe
Token: SeTakeOwnershipPrivilege	4960	WMIC.exe
Token: SeLoadDriverPrivilege	4960	WMIC.exe
Token: SeSystemProfilePrivilege	4960	WMIC.exe
Token: SeSystemtimePrivilege	4960	WMIC.exe
Token: SeProfSingleProcessPrivilege	4960	WMIC.exe
Token: SeIncBasePriorityPrivilege	4960	WMIC.exe
Token: SeCreatePagefilePrivilege	4960	WMIC.exe
Token: SeBackupPrivilege	4960	WMIC.exe
Token: SeRestorePrivilege	4960	WMIC.exe
Token: SeShutdownPrivilege	4960	WMIC.exe
Token: SeDebugPrivilege	4960	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4960	WMIC.exe
Token: SeRemoteShutdownPrivilege	4960	WMIC.exe
Token: SeUndockPrivilege	4960	WMIC.exe
Token: SeManageVolumePrivilege	4960	WMIC.exe
Token: 33	4960	WMIC.exe
Token: 34	4960	WMIC.exe
Token: 35	4960	WMIC.exe
Token: 36	4960	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4960	WMIC.exe
Token: SeSecurityPrivilege	4960	WMIC.exe
Token: SeTakeOwnershipPrivilege	4960	WMIC.exe
Token: SeLoadDriverPrivilege	4960	WMIC.exe
Token: SeSystemProfilePrivilege	4960	WMIC.exe
Token: SeSystemtimePrivilege	4960	WMIC.exe
Token: SeProfSingleProcessPrivilege	4960	WMIC.exe
Token: SeIncBasePriorityPrivilege	4960	WMIC.exe
Token: SeCreatePagefilePrivilege	4960	WMIC.exe
Token: SeBackupPrivilege	4960	WMIC.exe
Token: SeRestorePrivilege	4960	WMIC.exe
Token: SeShutdownPrivilege	4960	WMIC.exe
Token: SeDebugPrivilege	4960	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4960	WMIC.exe
Token: SeRemoteShutdownPrivilege	4960	WMIC.exe
Token: SeUndockPrivilege	4960	WMIC.exe
Token: SeManageVolumePrivilege	4960	WMIC.exe
Token: 33	4960	WMIC.exe
Token: 34	4960	WMIC.exe
Token: 35	4960	WMIC.exe
Token: 36	4960	WMIC.exe
Token: SeShutdownPrivilege	3920	UnityLibraryLinker.exe
Token: SeCreatePagefilePrivilege	3920	UnityLibraryLinker.exe
Token: SeDebugPrivilege	1912	taskkill.exe
Token: SeDebugPrivilege	2424	tasklist.exe
Token: SeShutdownPrivilege	3920	UnityLibraryLinker.exe
Token: SeCreatePagefilePrivilege	3920	UnityLibraryLinker.exe
Token: SeDebugPrivilege	3444	taskkill.exe
Token: SeDebugPrivilege	4216	taskkill.exe
Token: SeDebugPrivilege	2592	Update.exe
Token: SeIncreaseQuotaPrivilege	2404	WMIC.exe
Token: SeSecurityPrivilege	2404	WMIC.exe
Token: SeTakeOwnershipPrivilege	2404	WMIC.exe
Token: SeLoadDriverPrivilege	2404	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of SendNotifyMessage 23 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe
1992	Discord.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
4680	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
3352	OpenWith.exe
2660	Winword.exe
2660	Winword.exe
2660	Winword.exe
2660	Winword.exe
2660	Winword.exe
2660	Winword.exe
436	AmazingGame.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 872	244	msedge.exe	81
PID 244 wrote to memory of 872	244	msedge.exe	81
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1992	244	msedge.exe	82
PID 244 wrote to memory of 1184	244	msedge.exe	83
PID 244 wrote to memory of 1184	244	msedge.exe	83
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84
PID 244 wrote to memory of 1860	244	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\amazing-game.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffadda33cb8,0x7ffadda33cc8,0x7ffadda33cd8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2100 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,3085011998015941688,1523515785677467232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:1664
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2592
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --squirrel-install 1.0.9041
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1996
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9041 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x550,0x55c,0x560,0x558,0x564,0x892900c,0x8929018,0x8929024
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Discord\Update.exe
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
        5⤵
        Executes dropped EXE
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1932 --field-trial-handle=1936,i,11329697388922335150,10390223694053757357,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:424
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2352 --field-trial-handle=1936,i,11329697388922335150,10390223694053757357,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1172
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
        5⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:4912
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:2740
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:3132
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\",-1" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:4768
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\" --url -- \"%1\"" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:3860
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --squirrel-firstrun
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SendNotifyMessage
      PID:1992
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9041 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x54c,0x550,0x554,0x548,0x558,0x892900c,0x8929018,0x8929024
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2088 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2756 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4932
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3084 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2508
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:3552
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\",-1" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:2936
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe\" --url -- \"%1\"" /f
        5⤵
        Modifies registry class
        Modifies registry key
        
        PID:4760
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "chcp"
        5⤵
        
        PID:7904
      - C:\Windows\SysWOW64\chcp.com
        
        chcp
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3952 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
        
        "\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" nvidia
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
        
        "\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" amd
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
        
        "\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" intel
        6⤵
        
        PID:7676
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c ""C:\Windows/System32/nvidia-smi.exe""
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4028 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4132 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        
        PID:4692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordapp.com/handoff?rpc=6463&key=04f21a1a-f118-4767-9acb-ccb458febf24
        5⤵
        
        PID:6336
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffadda33cb8,0x7ffadda33cc8,0x7ffadda33cd8
        6⤵
        
        PID:4764
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
        6⤵
        
        PID:7520
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
        6⤵
        
        PID:7204
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
        6⤵
        
        PID:6080
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        6⤵
        
        PID:6272
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        6⤵
        
        PID:7568
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
        6⤵
        
        PID:5484
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4740 /prefetch:8
        6⤵
        
        PID:6588
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,13462690054605301059,3459641500224928391,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3636 /prefetch:8
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2928 --field-trial-handle=2092,i,2052315387475448867,9084143886120336290,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
        5⤵
        
        PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3352
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2660

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe"
1⤵
- Executes dropped EXE
PID:2080

C:\Users\Admin\Downloads\AmazingGame\AmazingGame.exe
"C:\Users\Admin\Downloads\AmazingGame\AmazingGame.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:436
- C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe" --attach 436 2536627703808
  2⤵
  PID:4820
- - C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe" "436" "2536627703808"
    3⤵
    PID:5104
- C:\Users\Admin\AppData\Local\Temp\UnityLibraryLinker.exe
  "C:\Users\Admin\AppData\Local\Temp\UnityLibraryLinker.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4864
- - C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
    C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
    3⤵
    - Enumerates VirtualBox registry keys
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Looks for VirtualBox Guest Additions in registry
    - Looks for VMWare Tools registry key
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Loads dropped DLL
    - Checks for VirtualBox DLLs, possible anti-VM trick
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3920
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
      4⤵
      PID:2876
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic CsProduct Get UUID
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
      "C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1820,10558349433459866857,890604160707821130,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
      "C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --mojo-platform-channel-handle=1936 --field-trial-handle=1820,10558349433459866857,890604160707821130,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:864
  - - C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
      "C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --app-path="C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2356 --field-trial-handle=1820,10558349433459866857,890604160707821130,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1580
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
      4⤵
      PID:3504
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /IM chrome.exe /F
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
      4⤵
      PID:2948
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
        5⤵
        
        PID:4692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
      4⤵
      PID:3680
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
        5⤵
        
        PID:2076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      4⤵
      PID:3432
    - - C:\Windows\system32\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM DiscordSetup.exe /F"
      4⤵
      PID:4088
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /IM DiscordSetup.exe /F
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3444
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Discord.exe /F"
      4⤵
      PID:4416
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /IM Discord.exe /F
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4216
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\DiscordSetup\Update.exe --processStart DiscordSetup.exe"
      4⤵
      PID:4640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
      4⤵
      PID:4632
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2404
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
      4⤵
      PID:908
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:1448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
      4⤵
      PID:4784
    - - C:\Windows\system32\cmd.exe
        
        cmd /c chcp 65001
        5⤵
        
        PID:4640
      - C:\Windows\system32\chcp.com
        
        chcp 65001
        6⤵
        
        PID:2412
    - - C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        5⤵
        
        PID:756
  - - C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
      "C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --mojo-platform-channel-handle=2868 --field-trial-handle=1820,10558349433459866857,890604160707821130,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2784
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f"
      4⤵
      PID:4624
    - - C:\Windows\system32\reg.exe
        
        C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsUpdater /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsUpdater.exe /f
        5⤵
        Adds Run key to start application
        
        PID:1664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      4⤵
      PID:1448
    - - C:\Windows\system32\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        
        PID:3624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cioa87.goosg.jpg" "
      4⤵
      PID:4576
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:3144
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES13C5.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC235B0DE030E9446CBB53BFE888DE044.TMP"
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cioa87.goosg.jpg"
        5⤵
        Executes dropped EXE
        
        PID:1176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1r91w29.pge8.jpg" "
      4⤵
      PID:756
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:3432
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2113.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC82319C31F9E54A09B456886AAC7BF4.TMP"
        6⤵
        
        PID:5240
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ea31to.8r0m.jpg" "
      4⤵
      PID:5004
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:7944
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1AAB.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC932E39192C44644B2DECC68B543BA51.TMP"
        6⤵
        
        PID:5252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-188t128.wtvv.jpg" "
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-188t128.wtvv.jpg"
        5⤵
        Executes dropped EXE
        
        PID:4904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-j0jj6a.319f.jpg" "
      4⤵
      PID:7612
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:8132
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2E52.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCEA73D85018274738A6BCD7B78447FD.TMP"
        6⤵
        
        PID:7200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1004iid.hyhzf.jpg" "
      4⤵
      PID:7656
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:7928
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES175F.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCFC96FB7EC1BA47C38750EA585E31F9.TMP"
        6⤵
        
        PID:1016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-83d3u9.rdxms.jpg" "
      4⤵
      PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-83d3u9.rdxms.jpg"
        5⤵
        Executes dropped EXE
        
        PID:3624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15if2tv.wx5jl.jpg" "
      4⤵
      PID:7892
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:1212
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2D58.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSC6B00430D274040618FC9E7F4921BEB82.TMP"
        6⤵
        
        PID:7248
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-hy8uc1.1mv2.jpg" "
      4⤵
      PID:7960
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
        5⤵
        
        PID:5228
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FAA.tmp" "c:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC94CEC682C68483CA79553DD9E03F37.TMP"
        6⤵
        
        PID:5656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-t9ky9l.ns4un.jpg" "
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-t9ky9l.ns4un.jpg"
        5⤵
        Executes dropped EXE
        
        PID:5352
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-169rzhg.50yn.jpg" "
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-169rzhg.50yn.jpg"
        5⤵
        Executes dropped EXE
        
        PID:3524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wgla8c.qlo1g.jpg" "
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wgla8c.qlo1g.jpg"
        5⤵
        Executes dropped EXE
        
        PID:5416
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6xtrl8.atep8.jpg" "
      4⤵
      PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6xtrl8.atep8.jpg"
        5⤵
        Executes dropped EXE
        
        PID:3552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1smpte3.4n0x.jpg" "
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1smpte3.4n0x.jpg"
        5⤵
        
        PID:7132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-krvq7r.ebee.jpg" "
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-krvq7r.ebee.jpg"
        5⤵
        Executes dropped EXE
        
        PID:4560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vt9igd.ofzy.jpg" "
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vt9igd.ofzy.jpg"
        5⤵
        Executes dropped EXE
        
        PID:5536
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-crqcki.hxdg6.jpg" "
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-crqcki.hxdg6.jpg"
        5⤵
        
        PID:6672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f0vie4.1oai.jpg" "
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f0vie4.1oai.jpg"
        5⤵
        
        PID:3088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1839ibz.1dhfj.jpg" "
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1839ibz.1dhfj.jpg"
        5⤵
        
        PID:5512
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-k4p1ac.4he7.jpg" "
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-k4p1ac.4he7.jpg"
        5⤵
        
        PID:6868
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1kvjz92.67aq.jpg" "
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1kvjz92.67aq.jpg"
        5⤵
        
        PID:6792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-v590x5.dxv1l.jpg" "
      4⤵
      PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-v590x5.dxv1l.jpg"
        5⤵
        
        PID:6844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-binvhn.hzmqo.jpg" "
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-binvhn.hzmqo.jpg"
        5⤵
        
        PID:6208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vjio9d.unvpl.jpg" "
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vjio9d.unvpl.jpg"
        5⤵
        
        PID:1896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cabnc9.sgi9k.jpg" "
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cabnc9.sgi9k.jpg"
        5⤵
        
        PID:6084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1infq5v.4u2w.jpg" "
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1infq5v.4u2w.jpg"
        5⤵
        
        PID:6712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ob26w4.suwv.jpg" "
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ob26w4.suwv.jpg"
        5⤵
        
        PID:5148
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ca7ko4.udc1d.jpg" "
      4⤵
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ca7ko4.udc1d.jpg"
        5⤵
        
        PID:7108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1yjrj13.qwmd.jpg" "
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1yjrj13.qwmd.jpg"
        5⤵
        
        PID:7804
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1c7ws1s.m9re.jpg" "
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1c7ws1s.m9re.jpg"
        5⤵
        
        PID:8144
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ruq92o.tib6f.jpg" "
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ruq92o.tib6f.jpg"
        5⤵
        
        PID:1448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f8d49v.45osf.jpg" "
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f8d49v.45osf.jpg"
        5⤵
        
        PID:5668
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ynyr0l.tg25j.jpg" "
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ynyr0l.tg25j.jpg"
        5⤵
        
        PID:8084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1q4bqyc.tggm.jpg" "
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1q4bqyc.tggm.jpg"
        5⤵
        
        PID:7960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14xguw6.m6scf.jpg" "
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14xguw6.m6scf.jpg"
        5⤵
        
        PID:7644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ov3yn5.i4txh.jpg" "
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ov3yn5.i4txh.jpg"
        5⤵
        
        PID:7908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-m8ln1j.hhaxh.jpg" "
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-m8ln1j.hhaxh.jpg"
        5⤵
        
        PID:6028
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yyd8fi.24tsb.jpg" "
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yyd8fi.24tsb.jpg"
        5⤵
        
        PID:5224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1b84i6o.tcpr.jpg" "
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1b84i6o.tcpr.jpg"
        5⤵
        
        PID:2192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-12i2tob.3o2z.jpg" "
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-12i2tob.3o2z.jpg"
        5⤵
        
        PID:5004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1g9v9yy.50p7.jpg" "
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1g9v9yy.50p7.jpg"
        5⤵
        
        PID:7144
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1s0kwip.56hu.jpg" "
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1s0kwip.56hu.jpg"
        5⤵
        
        PID:5664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-totbok.mx3f.jpg" "
      4⤵
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-totbok.mx3f.jpg"
        5⤵
        
        PID:5848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1sxw72o.ggmc.jpg" "
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1sxw72o.ggmc.jpg"
        5⤵
        
        PID:1180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-tgqqc7.h3k3s.jpg" "
      4⤵
      PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-tgqqc7.h3k3s.jpg"
        5⤵
        
        PID:5620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-oo26d.j9hjag.jpg" "
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-oo26d.j9hjag.jpg"
        5⤵
        
        PID:7432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fw6u1z.lyct.jpg" "
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fw6u1z.lyct.jpg"
        5⤵
        
        PID:6808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1wx9rib.6ma4.jpg" "
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1wx9rib.6ma4.jpg"
        5⤵
        
        PID:7860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1a3tzk.w67k7.jpg" "
      4⤵
      PID:252
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1a3tzk.w67k7.jpg"
        5⤵
        
        PID:908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hybxxa.1rfv.jpg" "
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hybxxa.1rfv.jpg"
        5⤵
        
        PID:6092
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hafoy6.reuyj.jpg" "
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hafoy6.reuyj.jpg"
        5⤵
        
        PID:7908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-66bei1.h5oda.jpg" "
      4⤵
      PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-66bei1.h5oda.jpg"
        5⤵
        
        PID:7140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-41w0xe.np23r.jpg" "
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-41w0xe.np23r.jpg"
        5⤵
        
        PID:7496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-dzmyc6.dr03k.jpg" "
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-dzmyc6.dr03k.jpg"
        5⤵
        
        PID:5560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10zas1g.fgct.jpg" "
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10zas1g.fgct.jpg"
        5⤵
        
        PID:5692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-11hv3hd.4fl2.jpg" "
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-11hv3hd.4fl2.jpg"
        5⤵
        
        PID:8092
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16l2913.8kuy.jpg" "
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16l2913.8kuy.jpg"
        5⤵
        
        PID:5132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gpf29x.uin8c.jpg" "
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gpf29x.uin8c.jpg"
        5⤵
        
        PID:7052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1dpdanh.ul8z.jpg" "
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1dpdanh.ul8z.jpg"
        5⤵
        
        PID:6984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9jjjob.w9v6c.jpg" "
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9jjjob.w9v6c.jpg"
        5⤵
        
        PID:5372
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xjdqdw.6xbv.jpg" "
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xjdqdw.6xbv.jpg"
        5⤵
        
        PID:6288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-sdtncq.xl1zb.jpg" "
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-sdtncq.xl1zb.jpg"
        5⤵
        
        PID:7756
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ufeokn.gamco.jpg" "
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ufeokn.gamco.jpg"
        5⤵
        
        PID:6340
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-es3xj2.9x6n.jpg" "
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-es3xj2.9x6n.jpg"
        5⤵
        
        PID:7612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-17k8jnw.vbt1.jpg" "
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-17k8jnw.vbt1.jpg"
        5⤵
        
        PID:8100
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ms43qt.qw4gq.jpg" "
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ms43qt.qw4gq.jpg"
        5⤵
        
        PID:5328
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1a0ue3a.jn4w.jpg" "
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1a0ue3a.jn4w.jpg"
        5⤵
        
        PID:6800
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qre0q4.wpoz.jpg" "
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qre0q4.wpoz.jpg"
        5⤵
        
        PID:2312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1un9pps.pxys.jpg" "
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1un9pps.pxys.jpg"
        5⤵
        
        PID:6808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ku560u.ppedh.jpg" "
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ku560u.ppedh.jpg"
        5⤵
        
        PID:6948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-12kdppp.5r34.jpg" "
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-12kdppp.5r34.jpg"
        5⤵
        
        PID:7088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ngg8py.ckxbo.jpg" "
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ngg8py.ckxbo.jpg"
        5⤵
        
        PID:7864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1v7a449.jzwu.jpg" "
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1v7a449.jzwu.jpg"
        5⤵
        
        PID:1508
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-12db2j.v6857.jpg" "
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-12db2j.v6857.jpg"
        5⤵
        
        PID:5532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1pw021q.tpfx.jpg" "
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1pw021q.tpfx.jpg"
        5⤵
        
        PID:3952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1mptlb3.jeio.jpg" "
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1mptlb3.jeio.jpg"
        5⤵
        
        PID:280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13ihfye.ypxk.jpg" "
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13ihfye.ypxk.jpg"
        5⤵
        
        PID:7404
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-rexmyn.fv6j.jpg" "
      4⤵
      PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-rexmyn.fv6j.jpg"
        5⤵
        
        PID:6476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xmcch9.leew.jpg" "
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xmcch9.leew.jpg"
        5⤵
        
        PID:5952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wu74d9.zpp9r.jpg" "
      4⤵
      PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wu74d9.zpp9r.jpg"
        5⤵
        
        PID:1212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-j6ee8k.d5tn.jpg" "
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-j6ee8k.d5tn.jpg"
        5⤵
        
        PID:6224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13jtaik.m3dw.jpg" "
      4⤵
      PID:7540
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13jtaik.m3dw.jpg"
        5⤵
        
        PID:6612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1b571z9.zebe.jpg" "
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1b571z9.zebe.jpg"
        5⤵
        
        PID:7924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ram83v.h56ck.jpg" "
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ram83v.h56ck.jpg"
        5⤵
        
        PID:5848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15osiws.2s15.jpg" "
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15osiws.2s15.jpg"
        5⤵
        
        PID:5160
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6d8ukm.5lmhx.jpg" "
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6d8ukm.5lmhx.jpg"
        5⤵
        
        PID:1948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1i3y9ag.mbw5h.jpg" "
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1i3y9ag.mbw5h.jpg"
        5⤵
        
        PID:3504
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10mmvtw.wkt.jpg" "
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10mmvtw.wkt.jpg"
        5⤵
        
        PID:2904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wma15y.4f5b.jpg" "
      4⤵
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wma15y.4f5b.jpg"
        5⤵
        
        PID:7288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13az1mh.a4xhf.jpg" "
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13az1mh.a4xhf.jpg"
        5⤵
        
        PID:6212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6m0d0g.wus7b.jpg" "
      4⤵
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6m0d0g.wus7b.jpg"
        5⤵
        
        PID:8008
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-mc5qxi.yckqr.jpg" "
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-mc5qxi.yckqr.jpg"
        5⤵
        
        PID:5984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16jiw1p.0cfh.jpg" "
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16jiw1p.0cfh.jpg"
        5⤵
        
        PID:7160
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-pp9mwb.wcua.jpg" "
      4⤵
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-pp9mwb.wcua.jpg"
        5⤵
        
        PID:7628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fqgcu8.1pvl.jpg" "
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fqgcu8.1pvl.jpg"
        5⤵
        
        PID:5516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-183gm41.g7pe.jpg" "
      4⤵
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-183gm41.g7pe.jpg"
        5⤵
        
        PID:4464
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-162bw4n.0uc3.jpg" "
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-162bw4n.0uc3.jpg"
        5⤵
        
        PID:7604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gvrgq4.cycw.jpg" "
      4⤵
      PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gvrgq4.cycw.jpg"
        5⤵
        
        PID:6740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-tkv9fo.p9e9a.jpg" "
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-tkv9fo.p9e9a.jpg"
        5⤵
        
        PID:7788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1n1yw9i.ctv7.jpg" "
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1n1yw9i.ctv7.jpg"
        5⤵
        
        PID:5048
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1mbackf.kdgo.jpg" "
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1mbackf.kdgo.jpg"
        5⤵
        
        PID:5956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xqsnwc.97qb.jpg" "
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xqsnwc.97qb.jpg"
        5⤵
        
        PID:3780
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-180j980.oli5.jpg" "
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-180j980.oli5.jpg"
        5⤵
        
        PID:6108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15kpty9.bu9j.jpg" "
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15kpty9.bu9j.jpg"
        5⤵
        
        PID:676
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-mfumk8.6cfi.jpg" "
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-mfumk8.6cfi.jpg"
        5⤵
        
        PID:6124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zdcdbp.lrud.jpg" "
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zdcdbp.lrud.jpg"
        5⤵
        
        PID:1972
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xg5ar0.o8k3g.jpg" "
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xg5ar0.o8k3g.jpg"
        5⤵
        
        PID:1448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1z03to6.miyxf.jpg" "
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1z03to6.miyxf.jpg"
        5⤵
        
        PID:7388
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15xkvfq.321w.jpg" "
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15xkvfq.321w.jpg"
        5⤵
        
        PID:7764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zbesds.409q.jpg" "
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zbesds.409q.jpg"
        5⤵
        
        PID:6440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-du37as.eymhq.jpg" "
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-du37as.eymhq.jpg"
        5⤵
        
        PID:4812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wi369k.dy05t.jpg" "
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wi369k.dy05t.jpg"
        5⤵
        
        PID:7836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vnive6.ut8de.jpg" "
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vnive6.ut8de.jpg"
        5⤵
        
        PID:1764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15voug4.i6le.jpg" "
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15voug4.i6le.jpg"
        5⤵
        
        PID:6728
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1lqe25m.x85gg.jpg" "
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1lqe25m.x85gg.jpg"
        5⤵
        
        PID:8164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-jpoykk.uys2b.jpg" "
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-jpoykk.uys2b.jpg"
        5⤵
        
        PID:756
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1tvlblh.wfku.jpg" "
      4⤵
      PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1tvlblh.wfku.jpg"
        5⤵
        
        PID:3896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-l18l38.d40a.jpg" "
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-l18l38.d40a.jpg"
        5⤵
        
        PID:5660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15gkzu0.mcgr.jpg" "
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15gkzu0.mcgr.jpg"
        5⤵
        
        PID:5900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1musnx2.h073.jpg" "
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1musnx2.h073.jpg"
        5⤵
        
        PID:5932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xhyyk4.kfzcm.jpg" "
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xhyyk4.kfzcm.jpg"
        5⤵
        
        PID:6432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-p3w2jy.otd2o.jpg" "
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-p3w2jy.otd2o.jpg"
        5⤵
        
        PID:8092
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-g3m1iq.i7v4b.jpg" "
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-g3m1iq.i7v4b.jpg"
        5⤵
        
        PID:6920
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fkgvjo.914d.jpg" "
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fkgvjo.914d.jpg"
        5⤵
        
        PID:5464
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14d78km.aq3y.jpg" "
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14d78km.aq3y.jpg"
        5⤵
        
        PID:7888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1j041cu.82sb.jpg" "
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1j041cu.82sb.jpg"
        5⤵
        
        PID:7680
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1czjc9c.kvxa.jpg" "
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1czjc9c.kvxa.jpg"
        5⤵
        
        PID:2720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1h5ucur.b9qz.jpg" "
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1h5ucur.b9qz.jpg"
        5⤵
        
        PID:7492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1n50d2.zvymw.jpg" "
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1n50d2.zvymw.jpg"
        5⤵
        
        PID:2604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-o2sq8q.ezud.jpg" "
      4⤵
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-o2sq8q.ezud.jpg"
        5⤵
        
        PID:7428
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zue7xh.149c.jpg" "
      4⤵
      PID:7916
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:408
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zue7xh.149c.jpg"
        5⤵
        
        PID:1972
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xhhnx8.1t6e.jpg" "
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xhhnx8.1t6e.jpg"
        5⤵
        
        PID:5528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qprdbn.jwe9.jpg" "
      4⤵
      PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qprdbn.jwe9.jpg"
        5⤵
        
        PID:7480
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-147rggi.71jd.jpg" "
      4⤵
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-147rggi.71jd.jpg"
        5⤵
        
        PID:7564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t0gbaq.fr8y.jpg" "
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t0gbaq.fr8y.jpg"
        5⤵
        
        PID:7476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vy0i6s.8ke1.jpg" "
      4⤵
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vy0i6s.8ke1.jpg"
        5⤵
        
        PID:7760
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-k8u0f8.77jds.jpg" "
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-k8u0f8.77jds.jpg"
        5⤵
        
        PID:2424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ngj9b0.8715.jpg" "
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ngj9b0.8715.jpg"
        5⤵
        
        PID:5960
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1bjxsa4.qznv.jpg" "
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1bjxsa4.qznv.jpg"
        5⤵
        
        PID:7708
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-120xmg9.ae6o.jpg" "
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-120xmg9.ae6o.jpg"
        5⤵
        
        PID:5976
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-7goprm.2nid8.jpg" "
      4⤵
      PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-7goprm.2nid8.jpg"
        5⤵
        
        PID:6928
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1h87as9.gvnz.jpg" "
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1h87as9.gvnz.jpg"
        5⤵
        
        PID:7980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1dqwenh.ygnm.jpg" "
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1dqwenh.ygnm.jpg"
        5⤵
        
        PID:7508
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zvre3g.m3kci.jpg" "
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zvre3g.m3kci.jpg"
        5⤵
        
        PID:6984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gr2eql.k21em.jpg" "
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gr2eql.k21em.jpg"
        5⤵
        
        PID:6172
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-oby4f.ro06ae.jpg" "
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-oby4f.ro06ae.jpg"
        5⤵
        
        PID:5612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1dfwoih.0e2.jpg" "
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1dfwoih.0e2.jpg"
        5⤵
        
        PID:3088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-17un1b1.nmqv.jpg" "
      4⤵
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-17un1b1.nmqv.jpg"
        5⤵
        
        PID:7392
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1r1o61r.0t57.jpg" "
      4⤵
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1r1o61r.0t57.jpg"
        5⤵
        
        PID:5212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1jjtze3.1s8c.jpg" "
      4⤵
      PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1jjtze3.1s8c.jpg"
        5⤵
        
        PID:6916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10i8keq.8oan.jpg" "
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10i8keq.8oan.jpg"
        5⤵
        
        PID:3532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-4zbc1h.nrgn9.jpg" "
      4⤵
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-4zbc1h.nrgn9.jpg"
        5⤵
        
        PID:6640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9quo2r.zjrsa.jpg" "
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9quo2r.zjrsa.jpg"
        5⤵
        
        PID:5872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9cdmav.id5gu.jpg" "
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9cdmav.id5gu.jpg"
        5⤵
        
        PID:7796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-701em0.2oo0i.jpg" "
      4⤵
      PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-701em0.2oo0i.jpg"
        5⤵
        
        PID:7964
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-8gfolq.ufptn.jpg" "
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-8gfolq.ufptn.jpg"
        5⤵
        
        PID:4760
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1tjkhqv.xrbg.jpg" "
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1tjkhqv.xrbg.jpg"
        5⤵
        
        PID:6436
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-o37byi.56wp8.jpg" "
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-o37byi.56wp8.jpg"
        5⤵
        
        PID:6072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1p3teq6.nbmq.jpg" "
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1p3teq6.nbmq.jpg"
        5⤵
        
        PID:3712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-eo52t9.er5m.jpg" "
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-eo52t9.er5m.jpg"
        5⤵
        
        PID:5528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-macn02.fahv.jpg" "
      4⤵
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-macn02.fahv.jpg"
        5⤵
        
        PID:3504
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-e8vv00.npp8o.jpg" "
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-e8vv00.npp8o.jpg"
        5⤵
        
        PID:1056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xd9nhz.kh5uc.jpg" "
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xd9nhz.kh5uc.jpg"
        5⤵
        
        PID:6292
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xdgo9q.q3zjm.jpg" "
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xdgo9q.q3zjm.jpg"
        5⤵
        
        PID:4180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13pbqay.nkup.jpg" "
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13pbqay.nkup.jpg"
        5⤵
        
        PID:6084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1o2tie8.og74.jpg" "
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1o2tie8.og74.jpg"
        5⤵
        
        PID:3432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-19brfr.6jbn6.jpg" "
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-19brfr.6jbn6.jpg"
        5⤵
        
        PID:5136
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-3y77hh.eddl2.jpg" "
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-3y77hh.eddl2.jpg"
        5⤵
        
        PID:8112
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qf3m51.izf3.jpg" "
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qf3m51.izf3.jpg"
        5⤵
        
        PID:7360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-hd4z35.qs6u7.jpg" "
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-hd4z35.qs6u7.jpg"
        5⤵
        
        PID:6516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-2182wj.fpxig.jpg" "
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-2182wj.fpxig.jpg"
        5⤵
        
        PID:6448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1513g45.9euu.jpg" "
      4⤵
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1513g45.9euu.jpg"
        5⤵
        
        PID:7660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vk0dlc.lsmci.jpg" "
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vk0dlc.lsmci.jpg"
        5⤵
        
        PID:5900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-pis6lz.rsavs.jpg" "
      4⤵
      PID:7976
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-pis6lz.rsavs.jpg"
        5⤵
        
        PID:6036
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-11ext99.pf5ii.jpg" "
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-11ext99.pf5ii.jpg"
        5⤵
        
        PID:7828
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yl8sd.nxryw.jpg" "
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yl8sd.nxryw.jpg"
        5⤵
        
        PID:5480
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-e4r04v.i8y9w.jpg" "
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-e4r04v.i8y9w.jpg"
        5⤵
        
        PID:2084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ztopr6.1iybj.jpg" "
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ztopr6.1iybj.jpg"
        5⤵
        
        PID:5816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6vjj9z.gr63a.jpg" "
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6vjj9z.gr63a.jpg"
        5⤵
        
        PID:7256
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-107awxk.d8gq.jpg" "
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-107awxk.d8gq.jpg"
        5⤵
        
        PID:6860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vlux1z.oupj.jpg" "
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vlux1z.oupj.jpg"
        5⤵
        
        PID:4208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vb6lmr.27l.jpg" "
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vb6lmr.27l.jpg"
        5⤵
        
        PID:4792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-bpow2b.kzrxj.jpg" "
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-bpow2b.kzrxj.jpg"
        5⤵
        
        PID:7468
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ozx91i.fwurr.jpg" "
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ozx91i.fwurr.jpg"
        5⤵
        
        PID:7640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1wclvkd.ya72.jpg" "
      4⤵
      PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1wclvkd.ya72.jpg"
        5⤵
        
        PID:5316
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14k8m7x.zm3e.jpg" "
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14k8m7x.zm3e.jpg"
        5⤵
        
        PID:5604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1nhvfj9.348u.jpg" "
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1nhvfj9.348u.jpg"
        5⤵
        
        PID:5636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-mldgyz.dl1v.jpg" "
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-mldgyz.dl1v.jpg"
        5⤵
        
        PID:2024
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zeuh2q.95qoe.jpg" "
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zeuh2q.95qoe.jpg"
        5⤵
        
        PID:8176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-120wg28.jsxsj.jpg" "
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-120wg28.jsxsj.jpg"
        5⤵
        
        PID:5888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-kmnp8a.w68d.jpg" "
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-kmnp8a.w68d.jpg"
        5⤵
        
        PID:7764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-kkq783.yhit.jpg" "
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-kkq783.yhit.jpg"
        5⤵
        
        PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe
      "C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\UnityLibraryLinker.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\UnityLibraryLinker" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3796 --field-trial-handle=1820,10558349433459866857,890604160707821130,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:5704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1c5bl98.xdim.jpg" "
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1c5bl98.xdim.jpg"
        5⤵
        
        PID:4512
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-4p2lf3.ip61l.jpg" "
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-4p2lf3.ip61l.jpg"
        5⤵
        
        PID:4244
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13la4x4.pd8q.jpg" "
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13la4x4.pd8q.jpg"
        5⤵
        
        PID:5304
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1itwqt4.i1co.jpg" "
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1itwqt4.i1co.jpg"
        5⤵
        
        PID:1200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-uxdqh5.ps2fs.jpg" "
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-uxdqh5.ps2fs.jpg"
        5⤵
        
        PID:7664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1j60q8p.ft6pl.jpg" "
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1j60q8p.ft6pl.jpg"
        5⤵
        
        PID:2060
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fhblsx.dexe.jpg" "
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fhblsx.dexe.jpg"
        5⤵
        
        PID:6648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5xznit.ezrx.jpg" "
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5xznit.ezrx.jpg"
        5⤵
        
        PID:6760
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-g2mrl7.34b6k.jpg" "
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-g2mrl7.34b6k.jpg"
        5⤵
        
        PID:5560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16wht2l.8ie6.jpg" "
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16wht2l.8ie6.jpg"
        5⤵
        
        PID:7048
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-161e162.vqg9.jpg" "
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-161e162.vqg9.jpg"
        5⤵
        
        PID:7144
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1pq8bdz.s8rtg.jpg" "
      4⤵
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1pq8bdz.s8rtg.jpg"
        5⤵
        
        PID:5352
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-a43ufw.2cbdn.jpg" "
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-a43ufw.2cbdn.jpg"
        5⤵
        
        PID:4924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-154f7bx.hqrr.jpg" "
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-154f7bx.hqrr.jpg"
        5⤵
        
        PID:3536
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13ft2f1.roxog.jpg" "
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-13ft2f1.roxog.jpg"
        5⤵
        
        PID:3524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-440zze.i2lft.jpg" "
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-440zze.i2lft.jpg"
        5⤵
        
        PID:5224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-prtm0p.6c16.jpg" "
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-prtm0p.6c16.jpg"
        5⤵
        
        PID:6932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hi7m06.s73km.jpg" "
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hi7m06.s73km.jpg"
        5⤵
        
        PID:6752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-alau0l.78pip.jpg" "
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-alau0l.78pip.jpg"
        5⤵
        
        PID:6580
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1o4j9tp.kbfc.jpg" "
      4⤵
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1o4j9tp.kbfc.jpg"
        5⤵
        
        PID:5244
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-whrvvc.0prg.jpg" "
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-whrvvc.0prg.jpg"
        5⤵
        
        PID:7872
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1s2o4gn.j0o6.jpg" "
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1s2o4gn.j0o6.jpg"
        5⤵
        
        PID:2324
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-st87op.aqeb7.jpg" "
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-st87op.aqeb7.jpg"
        5⤵
        
        PID:6584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-b515jn.7x3w.jpg" "
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-b515jn.7x3w.jpg"
        5⤵
        
        PID:8032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ipyom2.2rhdf.jpg" "
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ipyom2.2rhdf.jpg"
        5⤵
        
        PID:5288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-q84gh8.pc80m.jpg" "
      4⤵
      PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-q84gh8.pc80m.jpg"
        5⤵
        
        PID:1140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5eqsri.0wj3k.jpg" "
      4⤵
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5eqsri.0wj3k.jpg"
        5⤵
        
        PID:6256
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-152hjn8.zzc4.jpg" "
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-152hjn8.zzc4.jpg"
        5⤵
        
        PID:6164
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1cvcb5b.p4gl.jpg" "
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1cvcb5b.p4gl.jpg"
        5⤵
        
        PID:6724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-29is7t.4ajx4.jpg" "
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-29is7t.4ajx4.jpg"
        5⤵
        
        PID:6044
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-v73udt.se21.jpg" "
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-v73udt.se21.jpg"
        5⤵
        
        PID:6292
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-11q7ugw.hrrw.jpg" "
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-11q7ugw.hrrw.jpg"
        5⤵
        
        PID:3432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wgoruu.67k6s.jpg" "
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wgoruu.67k6s.jpg"
        5⤵
        
        PID:2788
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-fhhqiz.f6ws8.jpg" "
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-fhhqiz.f6ws8.jpg"
        5⤵
        
        PID:7532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-127hswn.yr8ul.jpg" "
      4⤵
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-127hswn.yr8ul.jpg"
        5⤵
        
        PID:5740
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-i2yqhn.cm6o.jpg" "
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-i2yqhn.cm6o.jpg"
        5⤵
        
        PID:4692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-142xva0.59ig.jpg" "
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-142xva0.59ig.jpg"
        5⤵
        
        PID:768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fvz8id.q8vp.jpg" "
      4⤵
      PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1fvz8id.q8vp.jpg"
        5⤵
        
        PID:8016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vu2c3j.3w6mi.jpg" "
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vu2c3j.3w6mi.jpg"
        5⤵
        
        PID:8156
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-y0erfw.urd2.jpg" "
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-y0erfw.urd2.jpg"
        5⤵
        
        PID:5820
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16hukvk.k05v.jpg" "
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16hukvk.k05v.jpg"
        5⤵
        
        PID:2904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-n1faea.f07ug.jpg" "
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-n1faea.f07ug.jpg"
        5⤵
        
        PID:6916
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-tos9j6.qnxs.jpg" "
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-tos9j6.qnxs.jpg"
        5⤵
        
        PID:6884
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ai5l4p.cravd.jpg" "
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ai5l4p.cravd.jpg"
        5⤵
        
        PID:5368
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1mno37d.j0m9.jpg" "
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1mno37d.j0m9.jpg"
        5⤵
        
        PID:6228
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-i7lqpb.8jnyj.jpg" "
      4⤵
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-i7lqpb.8jnyj.jpg"
        5⤵
        
        PID:4780
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yp1xb4.m02ym.jpg" "
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yp1xb4.m02ym.jpg"
        5⤵
        
        PID:5072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1gxd2s.snchy.jpg" "
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1gxd2s.snchy.jpg"
        5⤵
        
        PID:3152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6welky.795xr.jpg" "
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6welky.795xr.jpg"
        5⤵
        
        PID:2948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f1w385.unr.jpg" "
      4⤵
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f1w385.unr.jpg"
        5⤵
        
        PID:5636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1l0e2md.p7q5.jpg" "
      4⤵
      PID:7400
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1l0e2md.p7q5.jpg"
        5⤵
        
        PID:1972
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yciayr.lvq7g.jpg" "
      4⤵
      PID:6856
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yciayr.lvq7g.jpg"
        5⤵
        
        PID:1212
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10alpih.yy3u.jpg" "
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10alpih.yy3u.jpg"
        5⤵
        
        PID:6188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t3o8iw.ag5w.jpg" "
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t3o8iw.ag5w.jpg"
        5⤵
        
        PID:1948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6s0ee9.0pw2n.jpg" "
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6s0ee9.0pw2n.jpg"
        5⤵
        
        PID:7116
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9v468z.ic9e.jpg" "
      4⤵
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-9v468z.ic9e.jpg"
        5⤵
        
        PID:1200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1k5aeas.gux5.jpg" "
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1k5aeas.gux5.jpg"
        5⤵
        
        PID:6664
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1g3atut.ubga.jpg" "
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1g3atut.ubga.jpg"
        5⤵
        
        PID:3052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1iy1lkg.rgq7.jpg" "
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1iy1lkg.rgq7.jpg"
        5⤵
        
        PID:4560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-18yzs8w.dfhq.jpg" "
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-18yzs8w.dfhq.jpg"
        5⤵
        
        PID:2620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1d0edgq.dzj9.jpg" "
      4⤵
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1d0edgq.dzj9.jpg"
        5⤵
        
        PID:1380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14zlngj.3j7k.jpg" "
      4⤵
      PID:2848
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14zlngj.3j7k.jpg"
        5⤵
        
        PID:5320
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1139xla.eo67.jpg" "
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1139xla.eo67.jpg"
        5⤵
        
        PID:7644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-185yyoj.gh77.jpg" "
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-185yyoj.gh77.jpg"
        5⤵
        
        PID:6056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6q2kue.h1egn.jpg" "
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6q2kue.h1egn.jpg"
        5⤵
        
        PID:6804
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ohh5fi.v9ay.jpg" "
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ohh5fi.v9ay.jpg"
        5⤵
        
        PID:4540
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1sv4qj5.1dd9.jpg" "
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1sv4qj5.1dd9.jpg"
        5⤵
        
        PID:6012
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hi0b1e.tsi6.jpg" "
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1hi0b1e.tsi6.jpg"
        5⤵
        
        PID:7112
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1gt1gkv.jq0r.jpg" "
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1gt1gkv.jq0r.jpg"
        5⤵
        
        PID:6152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-m0tqas.qvvkd.jpg" "
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-m0tqas.qvvkd.jpg"
        5⤵
        
        PID:5496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ylqae7.ypk2i.jpg" "
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ylqae7.ypk2i.jpg"
        5⤵
        
        PID:6264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-uln6in.rwep.jpg" "
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-uln6in.rwep.jpg"
        5⤵
        
        PID:7024
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yhc8nt.yecq.jpg" "
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yhc8nt.yecq.jpg"
        5⤵
        
        PID:6300
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-m5e01.fv356a.jpg" "
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-m5e01.fv356a.jpg"
        5⤵
        
        PID:4500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-o5kfgz.zwp7.jpg" "
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-o5kfgz.zwp7.jpg"
        5⤵
        
        PID:3152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1g0jrh9.m7iv.jpg" "
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1g0jrh9.m7iv.jpg"
        5⤵
        
        PID:7836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-rd9zxa.pgyqr.jpg" "
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-rd9zxa.pgyqr.jpg"
        5⤵
        
        PID:5528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-7hy6py.n39kp.jpg" "
      4⤵
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-7hy6py.n39kp.jpg"
        5⤵
        
        PID:820
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-we6fiz.7j92.jpg" "
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-we6fiz.7j92.jpg"
        5⤵
        
        PID:6808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-n81abd.3d6sc.jpg" "
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-n81abd.3d6sc.jpg"
        5⤵
        
        PID:7712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-3i8taw.d6fpi.jpg" "
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-3i8taw.d6fpi.jpg"
        5⤵
        
        PID:8120
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-157jfdk.5rbz.jpg" "
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-157jfdk.5rbz.jpg"
        5⤵
        
        PID:6628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14goc9g.wjhm.jpg" "
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-14goc9g.wjhm.jpg"
        5⤵
        
        PID:7088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gn05fi.b5nli.jpg" "
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gn05fi.b5nli.jpg"
        5⤵
        
        PID:7532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-qlsmi4.ihnvf.jpg" "
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-qlsmi4.ihnvf.jpg"
        5⤵
        
        PID:6076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1r8ln9s.zgei.jpg" "
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1r8ln9s.zgei.jpg"
        5⤵
        
        PID:584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1jvdys.8iche.jpg" "
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1jvdys.8iche.jpg"
        5⤵
        
        PID:6220
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-jkynuq.v04fh.jpg" "
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-jkynuq.v04fh.jpg"
        5⤵
        
        PID:7180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ddgkbq.xgkh.jpg" "
      4⤵
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ddgkbq.xgkh.jpg"
        5⤵
        
        PID:7764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t96beh.mcz6.jpg" "
      4⤵
      PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t96beh.mcz6.jpg"
        5⤵
        
        PID:1140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ip2244.h5qdd.jpg" "
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ip2244.h5qdd.jpg"
        5⤵
        
        PID:5812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yy68q4.gio2.jpg" "
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-yy68q4.gio2.jpg"
        5⤵
        
        PID:6680
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1oeqdov.cfr6.jpg" "
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1oeqdov.cfr6.jpg"
        5⤵
        
        PID:3432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gtzxv6.sxkvb.jpg" "
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-gtzxv6.sxkvb.jpg"
        5⤵
        
        PID:5356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1sige8s.58ct.jpg" "
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1sige8s.58ct.jpg"
        5⤵
        
        PID:1176
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15d3koz.g60c.jpg" "
      4⤵
      PID:2168
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15d3koz.g60c.jpg"
        5⤵
        
        PID:7316
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1p6chtw.toba.jpg" "
      4⤵
      PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1p6chtw.toba.jpg"
        5⤵
        
        PID:5608
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5uo3ax.zto55.jpg" "
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5uo3ax.zto55.jpg"
        5⤵
        
        PID:4052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10hnkwm.vc27.jpg" "
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-10hnkwm.vc27.jpg"
        5⤵
        
        PID:6588
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ykx8ga.jaofg.jpg" "
      4⤵
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ykx8ga.jaofg.jpg"
        5⤵
        
        PID:6944
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qptha.6xog6.jpg" "
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1qptha.6xog6.jpg"
        5⤵
        
        PID:7644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-irlds7.pqcro.jpg" "
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-irlds7.pqcro.jpg"
        5⤵
        
        PID:7492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1yoijxz.p01x.jpg" "
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1yoijxz.p01x.jpg"
        5⤵
        
        PID:3848
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zuti0p.ak8a.jpg" "
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-zuti0p.ak8a.jpg"
        5⤵
        
        PID:5620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1a7wwj7.5dgfl.jpg" "
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1a7wwj7.5dgfl.jpg"
        5⤵
        
        PID:7000
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-uc353q.ym40o.jpg" "
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-uc353q.ym40o.jpg"
        5⤵
        
        PID:7616
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1m80col.6kmn.jpg" "
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1m80col.6kmn.jpg"
        5⤵
        
        PID:6512
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wrhdhy.6qnji.jpg" "
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-wrhdhy.6qnji.jpg"
        5⤵
        
        PID:5852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ycs5o9.5ixoe.jpg" "
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ycs5o9.5ixoe.jpg"
        5⤵
        
        PID:5220
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t96ocu.tytw.jpg" "
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1t96ocu.tytw.jpg"
        5⤵
        
        PID:7516
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cthu2m.lsw9p.jpg" "
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cthu2m.lsw9p.jpg"
        5⤵
        
        PID:4180
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f0xiau.yfy6.jpg" "
      4⤵
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1f0xiau.yfy6.jpg"
        5⤵
        
        PID:1360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vhgyxe.cn66.jpg" "
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-vhgyxe.cn66.jpg"
        5⤵
        
        PID:5644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cilas8.0ysiv.jpg" "
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-cilas8.0ysiv.jpg"
        5⤵
        
        PID:5136
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16d2mx6.kc8b.jpg" "
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-16d2mx6.kc8b.jpg"
        5⤵
        
        PID:6544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ddtn9l.kuuw.jpg" "
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ddtn9l.kuuw.jpg"
        5⤵
        
        PID:7776
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ctruhb.uj2t.jpg" "
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ctruhb.uj2t.jpg"
        5⤵
        
        PID:6424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5ja68p.e5204.jpg" "
      4⤵
      PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-5ja68p.e5204.jpg"
        5⤵
        
        PID:2192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1foyxao.1zxw.jpg" "
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1foyxao.1zxw.jpg"
        5⤵
        
        PID:2836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-bu80zr.68q0h.jpg" "
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-bu80zr.68q0h.jpg"
        5⤵
        
        PID:5636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-4xkc1v.9zkn7.jpg" "
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-4xkc1v.9zkn7.jpg"
        5⤵
        
        PID:4184
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1kvtlnx.uy01.jpg" "
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1kvtlnx.uy01.jpg"
        5⤵
        
        PID:5956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ucyqug.valj.jpg" "
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ucyqug.valj.jpg"
        5⤵
        
        PID:572
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1d4fzfr.9rl4.jpg" "
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1d4fzfr.9rl4.jpg"
        5⤵
        
        PID:6476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xvqe6k.ygr6g.jpg" "
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xvqe6k.ygr6g.jpg"
        5⤵
        
        PID:6044
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-df3v1y.3tgx.jpg" "
      4⤵
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-df3v1y.3tgx.jpg"
        5⤵
        
        PID:6344
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15tug8r.k60wg.jpg" "
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-15tug8r.k60wg.jpg"
        5⤵
        
        PID:5728
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1nm6fa9.i824.jpg" "
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1nm6fa9.i824.jpg"
        5⤵
        
        PID:6244
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-17tktks.w8ng.jpg" "
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-17tktks.w8ng.jpg"
        5⤵
        
        PID:5132
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-152p4sg.j00u.jpg" "
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-152p4sg.j00u.jpg"
        5⤵
        
        PID:6232
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ul6rvd.542q.jpg" "
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ul6rvd.542q.jpg"
        5⤵
        
        PID:7576
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xr6pkz.n0xu.jpg" "
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1xr6pkz.n0xu.jpg"
        5⤵
        
        PID:5860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6gm5tx.4tv6y.jpg" "
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-6gm5tx.4tv6y.jpg"
        5⤵
        
        PID:5844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xvr3fx.ek218.jpg" "
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-xvr3fx.ek218.jpg"
        5⤵
        
        PID:5732
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-s0g2dw.90t8e.jpg" "
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-s0g2dw.90t8e.jpg"
        5⤵
        
        PID:6660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ezn3gy.vhadd.jpg" "
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-ezn3gy.vhadd.jpg"
        5⤵
        
        PID:6832
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-171trx0.pq83i.jpg" "
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-171trx0.pq83i.jpg"
        5⤵
        
        PID:7864
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1kv5b5w.py6di.jpg" "
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1kv5b5w.py6di.jpg"
        5⤵
        
        PID:6924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-eq3u12.kcq8n.jpg" "
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-eq3u12.kcq8n.jpg"
        5⤵
        
        PID:4012
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1pdi6ve.nga0i.jpg" "
      4⤵
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1pdi6ve.nga0i.jpg"
        5⤵
        
        PID:7912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ylzq5p.q7jk.jpg" "
      4⤵
      PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
        
        screenCapture_1.3.2.exe "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ylzq5p.q7jk.jpg"
        5⤵
        
        PID:4692
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-18ge0p3.xksf.jpg" "
      4⤵
      PID:2040
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1l1nyug.q9ax.jpg" "
      4⤵
      PID:2168
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\Admin\AppData\Local\Temp\2024315-3920-1w28rw2.uf5q.jpg" "
      4⤵
      PID:4724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7428
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_desktop_core-1\discord_desktop_core\index.js"
  2⤵
  PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5548
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_desktop_core-1\discord_desktop_core\core.asar"
  2⤵
  PID:6572

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:7960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:476
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_desktop_core-1\discord_desktop_core\index.js"
  2⤵
  PID:5080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6500
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\modules\discord_desktop_core-1\discord_desktop_core\index.js"
  2⤵
  PID:7496

C:\Users\Admin\Downloads\AmazingGame\AmazingGame.exe
"C:\Users\Admin\Downloads\AmazingGame\AmazingGame.exe"
1⤵
PID:7980
- C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\AmazingGame\UnityCrashHandler64.exe" --attach 7980 2152099942400
  2⤵
  PID:5520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\93e7f05821b87c7e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\Discord.exe

Filesize
134.5MB

MD5
8967de355a2817125d1bba42ff6aec5e

SHA1
75caee8ae01a39ae586ae9b5fbe54e27241abe7e

SHA256
08d785f01b9b79e1f988d486536b6433f9825cabe4ab6ac7f9bb74954f3ae13e

SHA512
59e408dc3609478ce196178056f20d1fb006a9707ccbec072b76b069686a67fd738f04d1e24f15a5222bb62d997fe913c0b7cfeb137ed7a2029b172468001b89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\d3dcompiler_47.dll

Filesize
3.9MB

MD5
08ac37f455e0640c0250936090fe91b6

SHA1
7a91992d739448bc89e9f37a6b7efeb736efc43d

SHA256
2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d

SHA512
35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\ffmpeg.dll

Filesize
3.2MB

MD5
e25a4f69815d61632c43a7dacd33636d

SHA1
f1cd2eb38828e86e5c0a3192bfc0e0e0fb90b214

SHA256
3247c0cc44863845734bb76acddcb7f8bbc1a6ec76fc484db54f683b6392354c

SHA512
36cbb8da287a124ebfda5e5da908e2a9fb494fc3d74a91455cd4986e31b545d2783268aca93501a7243a1306c9bbb4d1cc80e2b241c538b4170df57479d0c24c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\libglesv2.dll

Filesize
6.4MB

MD5
793c32d65a356607ba89088ff0808060

SHA1
48e1fbf8a9004029cdbe04c1afee3f83cc80a249

SHA256
a19881a4876955ee223d884a5d04d85c04e54de900ae5c22b7cd4ac60ba17a81

SHA512
dd5e4941f513d6910412cd1eb9325edd16dadf32f0c38a6906cf38a0c96511191278695d79be112005fd391307e4a3988342093d160f65b68d8c163d7aa72184

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources.pak

Filesize
5.1MB

MD5
e9056386a2b4edac9f0ffa829bc0cfa0

SHA1
f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

SHA256
546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

SHA512
c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources\app.asar

Filesize
6.3MB

MD5
18c82fef289b0aa9fff73ce8489c69f5

SHA1
76999d747423ef5cd9cc0a1fa039a7fad6c89763

SHA256
c5e9c322296f97c42132aa29cf9e94e372e9de3b83e2fd1266340ab476b2d821

SHA512
529bb2a0c8c399b4815740928a1b74bbce23d04f9cffeb2be2d12b46f3d3aad00d4498ba95fad0e8d82e52850f6b5395041b65931c63123ab5c95c15d5a82a26

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\resources\build_info.json

Filesize
83B

MD5
2f27f5cafc72ffc221daaf89a1518c09

SHA1
ef8c63f368b9a7d77d7d85d29fa13d0e3bbd873d

SHA256
5d8b039e0fbd4a675ab5fd6eaf9c301cab7b3ee2d13393e29cebb45fe9dd2977

SHA512
2846ef41ea6f0f5da24dc690998ec657d8e99aedf878e6f16417ae3372cf054693ac96a4dbab42a634cd18cc42a86efb50c1bd11f05012c10914b35f45d6713d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9041\v8_context_snapshot.bin

Filesize
631KB

MD5
5e59b98c444e66f981b8605636e88efd

SHA1
78ce5d12ef8d76e5de09873eec59657a5b3964ee

SHA256
457167b96cf7cb9d80bf5f74976314b465439adb0563ed820be15d848f3daf66

SHA512
9401047fb86cd7d9b9aeea72bc3b7981b834e914d7ecc19ef2f787ccf946548a95241b89d508372caad6a7cc157e2be6fa931d952f836404b7c0c5abe4ca614b

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\1637bf576c2c3cfa0e666162530e04ea294850381bf5762f5143d0e2a0633981

Filesize
1.6MB

MD5
edebd81c591f277e03c816acf5118cd7

SHA1
9e3e9a3ee657e285d19425e0b401f8a1f5753906

SHA256
1637bf576c2c3cfa0e666162530e04ea294850381bf5762f5143d0e2a0633981

SHA512
c984f22331b8f4a4b6522557e28acda4aac0b28e81d9d86bcc2affd16bd0ced53e7cb2d207feac5ec82079074d7350172374ec6b3bfb2046c37addeaf6b2d59e

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\25ff6fab418300e0a78bc4103c430491bc25797c5a0f47a51deed5f82d3618ad

Filesize
9.4MB

MD5
e59ca00d4f9c69ca99739cb1e988c0f7

SHA1
2ec235b27cb41c0d7c8277f9e1dedd0191052b59

SHA256
25ff6fab418300e0a78bc4103c430491bc25797c5a0f47a51deed5f82d3618ad

SHA512
fb3c65812ff11b89d0967a1c07c42ab1567ed6f3ffba146e2a7f279fd66c39318986336bc62633c0958c604b2c5a94d8924f49c2a4d36f1e6132008cc61de92e

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\478d3fcdfcf4c0d6478ea49e919c896cb79e0b2d7baef95cb937c41cb41fb145

Filesize
420KB

MD5
41af7c3f7ef8a087b553b366932a0e12

SHA1
92a3ed4fd95760acbc23d0057ac32c7a2ace1a54

SHA256
478d3fcdfcf4c0d6478ea49e919c896cb79e0b2d7baef95cb937c41cb41fb145

SHA512
d5d52aa1c776586f3ec23c95ada6d5a2ff7f891cfd1ed92b1ef5f1e715cd20afe204ffeaa883ee5f2b62a0218b5cd243173d3d33e9104f83ff5bb70b4837989c

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\4de85d703d324992d9f89ffea9051139c89d8fe09bedb44736d7ced570ce97b1

Filesize
1.6MB

MD5
0fe78890812a98a3bbb113f158550b33

SHA1
fe6a8e02537a30426e566008fe88125f1f5a85e8

SHA256
4de85d703d324992d9f89ffea9051139c89d8fe09bedb44736d7ced570ce97b1

SHA512
a6cca91e2ad86547ab43d810d3f47b61be0d9b1634085cf512666e3a09ee51c6e41319cab0cf0b6dd0fe8728299fcaa52738b0312e884c899a851e1fbf4cde43

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\65cedd39364363b654b841ab2d4090983db3b1435b15cae9b1645fc096cdae48

Filesize
1.4MB

MD5
4bc13fe890456654225810eb460f5744

SHA1
d2da685e3446feb1e96677dc22927d9d48944ab4

SHA256
65cedd39364363b654b841ab2d4090983db3b1435b15cae9b1645fc096cdae48

SHA512
f8c0d811b322b71fc37613dfd0394568a4dd54595cc75532ff4cdda7c626c4ada2177db84f641131f9a737f1be7b5e4aec7bd42de2ddebe19ba5decd42127c83

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\65f3c960d881e7d32ab34e9907d82eb30e3c454896ac7b4883376d1207dee534

Filesize
31KB

MD5
2b13de8be0df71e70ae712841b63c49d

SHA1
562b4006501c75ade4d20d4226d48692dd43c4c2

SHA256
65f3c960d881e7d32ab34e9907d82eb30e3c454896ac7b4883376d1207dee534

SHA512
0b400db59a1ddc9b32f020098f76cbaf9c099e5d7e17d37e5d427972795356274b7faca0a4302a99001e662fe265d3d476c10c4301471f853e2089de75606f5e

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\73c3006f781d25c225f7d853876b214663eb06507d7835b56c9d2e38656b770c

Filesize
379KB

MD5
efebec9710f2c85a3606cc40b2f6ef7d

SHA1
8ae636465e51a1dc9cd6a8566b6af820168fde6d

SHA256
73c3006f781d25c225f7d853876b214663eb06507d7835b56c9d2e38656b770c

SHA512
d02d75d82025e0c7a2dcd9e126ee8c98d99886941230f4c7223ef7f0262d334b583bb9dd756cbbf84fd0589b1f88dc9e6ee47d510f6e7130e142cbe3015f8adb

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\858081645dd6a2649dff9012220c07123fe4aa33929aa2ef73944efda81240f7

Filesize
14.9MB

MD5
fa48307d401da4ae47c448fbb1027e8f

SHA1
da1cd7fc40dad25b61276a348972056bd37c95ab

SHA256
858081645dd6a2649dff9012220c07123fe4aa33929aa2ef73944efda81240f7

SHA512
ff8567d0fd656cb9c21dca709048fa9e0ee8a3f1a28814baa0e740a32be9da4c6991e06af715df59d67adca9fc84da96ff5b5b54095150e93f07240261c40f9f

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\9f79e16231fb796ad22ddda6ea8451c67ebfb8914733c61b828300d01afc01ac

Filesize
277KB

MD5
bd54fbe98a8d502ace269d4e7b343222

SHA1
11a1db527ef09b71ac104b8f12980090c0af131b

SHA256
9f79e16231fb796ad22ddda6ea8451c67ebfb8914733c61b828300d01afc01ac

SHA512
c7ff71133b2bc1d130c0b56a5883b8f27ca32eba209a365187b8346dfb4906cc48e800404a0801850e82b72f0bdfc63af2e6aec0df7307366f592df77d562684

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\d84b0656d58ea50e930f9ac8ffd9951a1d82293d1a27ef416e575a0f66172e0b

Filesize
194KB

MD5
e4e8526ed59131790915666e5553fb83

SHA1
8c3bb7e028f47ff4974e44b781994e085ed6c6ee

SHA256
d84b0656d58ea50e930f9ac8ffd9951a1d82293d1a27ef416e575a0f66172e0b

SHA512
7fdfbc4ede4c3fe893b8f036d0c0e7223b57545d8e606d8954a41ed8a6139e4da21d09ecfa248ed129a996b00600f3232ee911c3238c967f8b6e0725ec93edf9

Download Submit
C:\Users\Admin\AppData\Local\Discord\installer.db

Filesize
216KB

MD5
95c4c7caeb3399c8cc98fa748e5d73c1

SHA1
2136c876edece7a772e047cb0b682421cc4990ab

SHA256
691dba8c15393705fbf47661b337610b834358e07148f0e41e55e88e72fb7178

SHA512
7447e68d7b50875d44a06371f81a7d1dd3dfac67beec86d0c9ec69a39ad24a4b0479d0a01178f6aafc509e9c9d0a7442e2e05e8b5adcc70dd38bc348732ad89c

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

Filesize
73B

MD5
efc8bf77b8eb77effdfc676b901a85bc

SHA1
f2ceb8578df01d1211b94c1c45270e4b8b657037

SHA256
146ec790e7a4012738dbdcd52d861cf416572c9da8993595a1709f79f62b363d

SHA512
1244f2db8c776c0cbd9a9ad2de41581f1fe3aecf19fc45261748964c8b8c4b020ea74e00ce2954a299bbaa4c42cae605127642ff8e772d6a1b708a6d8dc5ac6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
43379e1fd46bbf81afb4fa093257a7b9

SHA1
a1aa383ab51d42dadb4d670b2f8cf3cd942b6172

SHA256
ff0fb0aba84da291dd911ea4776d4e1d61d300b655644196f8c53923c39506f5

SHA512
5db08aa2770fd4ed60407be5014cd602327ec66860e7c034b635c4c7a84bc8a5cae698ea807fabee1b05f36eb5759ad65958e54a8dc01a79bf908957dbbfcea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4f1a90dc02a050c79a9bdea8fbd6ce7

SHA1
ac50dbfc70a3ad07e21187c5960154bd45a3b310

SHA256
ecd401d3711f1dce0f9c1be691de314cd165c8333a5c1d0244214375e36f152e

SHA512
864b4463c3a5c9268c24233e0f872311b1427c8005a1585664eb2ac29fd0ae7fd902b7ef9d0ab9f5bd9b1583225985bf2319e4bfc55dfc40b03d668eee09c071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b3cd5e4894701b66c8551a435ee29ec2

SHA1
ac29ae9a2fc83b817e559ff6391d671122d34af4

SHA256
96f9e5444a3e9c3149465940f2254ba89befa89504edc3af41023a8e7a8c2640

SHA512
d3979c1b7d6d4d06b575e7adb7c6843224e826263272b1c3fbcad0ee8a2f3fba257ed12bc6ed60740fe815ea2fa1373749e8b63049a92d1a173340f81d9f9fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8bed19ca-1bb9-456d-8103-f9b9e40b66c3.tmp

Filesize
6KB

MD5
7b8b2b7c32ff45189c62052302c0d1da

SHA1
982ecb12204674eb3bd499c535f89845f09b9762

SHA256
928875b65dc74b92434d1b16f24b025186205d0d289ce4175b5ccbd9dcfcccf1

SHA512
d774c9dd06e9c09f26847dc85b9336f50c41b9c99df4b894bbe131005089883025ede5f63261efb9cdd92e79e6682f98a7c9f9a37d6379743c29a643682acb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
9b074f07266ca529d3e03706cf28bbb8

SHA1
9ea72f010095d3c8960e2c6b19325199386a816d

SHA256
a98f44e2c4b41f06a74b63031d067240800423a6bcc930e25c075847c12dd245

SHA512
88e40ccc8a94250bb18febf02f563b5044ccec040aceb65cd11bac8a17a729c6ad649113b4bc7504e69e3cba2768dafa41e70d2807119355fe80c46359ae30bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
47b867c4608aa35610d2ace20b08cf8d

SHA1
0ea7c64a0bb1529ed6f7854a013afc2a57a9fd41

SHA256
9cabf5120a754ae57e2cdafa98ac7509bc143006f2f3437f222d5ffee8eaeef7

SHA512
24e4370bc079d67617e94ce4fa81f52777f7e20f38d68354b9cfc70606e78e941e972dc702a6067153fac97563233d721474a37bcb1eac78efe0b8aee20cddd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3c96cd837285c60630c91ac62b15dee8

SHA1
ea63e8abc5fc050187e2ba94b78e6bc37fa97313

SHA256
01a1f89129371eada96faf05e1d968fd3234d0261869aac284793c97f47552bd

SHA512
8ed679bb6ece1c0dd26bfed5d1b13a995608357065e7c88b0e198689d59221226d1aa5c7c0470cc3233ee4b6075efa6836c6f66ab34a780a15087abe8dc96e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3ee69bc09c19be2bea50a36270284baf

SHA1
d948877ad52bdb4e6fb974db75a4f90236495419

SHA256
e115c2c7635d166fe0e6da60f3c33eff56caac724e010ce5a43acb44b555dc63

SHA512
3b771dd2faf65de94827484a5049a54115ddc410e6e2b11f79676cf9dcb7f0edcb7f5ff4063aeeb4918cec60a38f65297ba1ef4a3d0040ef4bd72ee886ce9666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b4cdf0b6a08e08e0da3d060757204c1a

SHA1
8ef510dffaab917c630219417b06d11eac2846fb

SHA256
99a615ea798404047d5f3073bf65f43b8f6894efb37082ebbcfe66962f0ad432

SHA512
9421e01c056e1c6b1777865df3d06447bd25f853c204b6479821bb9e2bce068a0f0937ae2b06c360b030694ac62292bba9938b5381946aad1aa28cf20d4cc12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
921B

MD5
95a5c409fa8fd660f00681cf0a067aa7

SHA1
848037eee62899b08cbc746f569be6790c32e571

SHA256
126d690adf7aa7d9e326ffbdea7078cd1147ad7a6f334c6ae787695eb55896da

SHA512
4f65d397231eb84576241520d0d9f868340e2c67944d4224badc9e3ad1b6bb90e1b077801637b88d0aa501a30395cc7bde7324bb556151ba9329e0917687f89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7100b43f7c4dde52192b4991a17a0eaf

SHA1
1f50e0e173a0a9f154c0535c610ca4d179709a18

SHA256
67d3bb613e55031539c4f0a8d7ad61f6b31b2c52e8c4646886608966125f2590

SHA512
74ffe7d7873a6eace6f236f69a87d838e19c37d467a6681e7a59065af284f5c8296f4ca9f29fe8416c22aa6c7e2a096732a6cb5097211924fa605584a852b941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3bef4a502c660c1ae81539e4949586d

SHA1
3b8d2670392624de177cdd44e9e42d4bbb84ec37

SHA256
4ffcadcc6e3f976200d2df2c00c0d314e4ec93ee4b9a253becd3d5a0f38af314

SHA512
6b30a44a2104194013011064220f72fabfab46bcf7218cd18ca4cdd798cc4f7bad6b95daa2105babc2ae3e80599a21a2f96b5ff133635889a4153fa225cb797d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0bdfc66ff50726afd6243635904ed279

SHA1
30aec4fc4e4ac23b737e994bce77e3f87065e2a1

SHA256
521c5f591feaa8e99da6d7390d5476674b77d9e0a790c495b5455ac9b82a84fc

SHA512
b6c50d5daa6b4bfba40909b0ab34152c3cdd80d5bfdf326a4fc658bdfe309e248d0a6e00c38536a5546f4be3f9b0e40e3eb195693c2e5928089c033e82ac7787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f5006b9a9b912ffa46589ea3eaa8fbfa

SHA1
1f861ba742873cda75b15e88e6fa13ca836978c2

SHA256
f83c3f73f9efeae3c9f2056281166ea87ed1c567d498b44a1f2973035210d056

SHA512
143fa3edf2cdc56a58c550c59e7cfee4ef7a02cb9a950d97a25cf3b0a1b0a23f9a7194c90d36e089e8f4684b0ba93859d14d86f53dc17026f71336d1246f0abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07c5e764ac0bad30a511b9f60b338eab

SHA1
6060ce1ce9254ba566a71e8705b3abbb4a1dba09

SHA256
2fd3ebcdfb988e7e6683cf9d6208b63e2c688d05f105d83f3da644c19f202f0a

SHA512
6e7325eefc5ab409720704cbf15621536f461d2dc4162e6bf6fc85e86e11e238ce4180defe7e195f1fe621c51870c80d80429fb8b5707ff0a65eabcedb35ad21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94c521852d62eca96f99516328cc0a81

SHA1
c572efe593fa02a912e37330df0e0fec9a37f8b5

SHA256
98d999acfb98b8c2279a1149fcc2d042d597fd75819e7ddd9775a05529dc07eb

SHA512
af3a6f20727ff203f8e47b259ab244d54acb5b0be3ed62f606e2a3c5f0d3a667ec45538115241653eeba6f188c19f57edba9eed0760d7a7d39adcfc31f5215d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6440543e8eb30de7d055c1ef8b987040

SHA1
e0c1344c1c0f3930e0f64a1b6fde80f7801a5016

SHA256
c712dc45d2b562eb0755c3777c9899c74d1fda2f43772b36a1f87cbd2d4697ed

SHA512
a12b92372abc6c14a8eeeb9d3f6b3e3f65e4e2798834ec7f929a38e10597895f4c539201e6301ee1a3ce8f30355246ca0128367b54b0860d15b94cda62d4717a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0fdf8eaa75b118e28b87f7ebfb78e66

SHA1
a492f72a98b55d717febfa15bd3f4d74ac239c31

SHA256
e0722b86f27b94061be5f8d827d56389eb7f896649f1e31d85da7036261df44f

SHA512
f1922fe71bc83f6837ad4c816ac668388df11673358d6beb6ab9599f86fa64460f7aca0a879e7a3aa578528bcb60291717234302f986537700da948f5685dbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1650f633202cb669fc0a6ec1bed524c1

SHA1
0798b0261456e355b6ac68410c3cf5470619fc3b

SHA256
e1239d92f88d125ccce658e569d65ba06017a762d9dd70d0e8285e8bdc24f467

SHA512
792ff3cf5dc7bbda9619261cd89eaaf2e1f2d2048708a9d8990f2a44dd72f50b64c2f8d5f822f4a7ed27d763ca43fc37ff40fed7c86692841ab84429ce56a331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0b95e7fe0e0ce9271fdcbf57150efa1

SHA1
0b1d8bd057d54f8d28c7ec82cff9eeeab04dbad5

SHA256
cd31566cf629fea5dc50b6a4ef21b8460ac1e9746468465540c16625fdba861d

SHA512
55003517d615c29ad82d6b6aacbd873d3c30cf89daf7b7933875b9fe0f2931a048fbc068a0c5e0aaffe774a67c3945b77e2e81341770338f06ab0faf5fd54e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2349cff96383ff325dda2cda36b4ea4b

SHA1
65d689f63e34c2a49ffdc9208a3f37039994f532

SHA256
32807e36f8c90909ba88da2148396ba68b09cb471483c222bee2a7dc802e780d

SHA512
621287efdcf4d46fb5482bde38764f06866bb27d5e9153daea64e701d9f571dab1bfcae16ea213cca842bde03fd8a611f805b03db472e52a012a76bb32f53752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
666bbb64b2e40ff9210840bd4219f134

SHA1
62a8e1deae4acf60895b51b4c0e9739025a8e542

SHA256
30e5d42bbd4ad1f854f1108e6c65cee5160f9866c7460db239b350e0563253c2

SHA512
d5c1f5727e504ca5c1c1e1a31f77fbd5f9b2d9166cadc697a7ddf482641cd9f5adb1bc5cd0463de8a6ecd5c84fdc14a0313cc27763aa561038a54d1b40f35aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5845795287b67e7698c675aff830c9ff

SHA1
477e0624a6a55e4d9a28cf1889cb97517b39d92b

SHA256
93fb405de98c94e2827721a672791023100934fec7b262223f10efe203e24307

SHA512
5d95c89e48bd7a049e5455bb42ba5b5950eb94eb9da49422695f1d99f55b31b05cbab5ba03b6ef70fdb69ce587ea5074bd29e0ad6208abf6068b97cf058b3f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590ecb.TMP

Filesize
367B

MD5
9b3517287a88ecfa7a501f2ea4b66b84

SHA1
7c4d178c81c2182042c19e99a293a923e6610abc

SHA256
9cd02eb76a84e9a8041ff9d295d74829a4cca4843c62a5ae578db9540822e35b

SHA512
3129c20d848f5c347fcb44efa682149c21324f28ef4b5c6a95b33876ed2f998f94723f17c5b273bf9542d0ae0470d0481dcd9403614cdb83ea0e5dfb8a6cfa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e086f6f7d98925014b11e559b6a19174

SHA1
0894a57b818999f9175281b914eb5a85d9500263

SHA256
f4a04b80c1972ffa702c10b2299ab2524d487967e621d278c66094d0dd23c66f

SHA512
01b19e1e6cd616142461598ee25771c81921063a99e3cb7d93a4f3535b27e8dfd8326f7e02e247b3f9c7091d32dce942e3939ba20ab1bb12d0b563beadeeff8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9daa8212e1c2bdfd570aa50ef5d49255

SHA1
91c8f37a66891d0243cd17809fe851763c3a69c8

SHA256
2c977d4feeaaf540818bcf265519559e65f39869cdd4453b7e09eeb786b65d21

SHA512
5689da105c1ac4fd5b14804b1d94c81adc9631fe5f50d0609efe5ef20c4768c1edb4faf5fa8607e048b38d7c92d17719855021663e166e58fc11544864da15a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3a1af7c16a93d436fba513ea0f45d482

SHA1
c2e197359adbb69abd3b7de9bdeef94ebf2877ca

SHA256
5a1f3f7ac79b60bcb18c228f547cf990967f44f19ea4dc36eb4f161dd949fdba

SHA512
488a058c0496df99b551a296dbfb060a1487d764716e9bc48b97c041d9dd00461903c55d28a291840dfca797940512eb86e23f676c91731bff92c6ac5deccb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
941a7b011583ca64c7b3ae35546c1649

SHA1
207d8dac4f888df4d2a740bbeed8bcc1f0fb53c3

SHA256
e39f70d3345ff4f21a1a59f60c66f4de3168d5cfbfb6ecd83acc39e9cabc16cd

SHA512
39d63444eaec7b34f3b3612bdb7d225fad43056d9085475c0c7570e68c00f160ac41428fad75d21b3088140f64328e2503fcb9cab3f53fb56d4395882262f2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9041-full.nupkg

Filesize
93.7MB

MD5
a21fe91ed2f33eadfa91b90e0d059e7f

SHA1
0aaca1dee7e20f7128a8ad80df591e226cd0f15c

SHA256
d2a8905caebf3eebd1dcd65e2355a9e7ee0907db1ecd76bf684d2d043f3c0529

SHA512
dc7ed2cc159a8730822278a42c72619ad5a11d69d922e8fe60f758a548890a8158f3b88467768e3bf6da274a2d76c5575821ba1c0ee01f0c199c11efdb6c6999

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
b71b21a55e4c2df7f59b859ad53df8ca

SHA1
7ada856dff2f674bcccf15631d52c6810566001a

SHA256
a7e593dc9d0650c80b1bf832f1f3e4e9dd90bbc1a72542b365b465fc2a9ab9ca

SHA512
162427d5d28c3d57a1ffc6868f7dec11477e449e65bccaaccab92bf51a20570974823cc2018b00b192ea90566a5de78ba9d86315ced63c0db2ee2b29beb96c56

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
fd988e2394d4059658b3d8a7e1cd8ab0

SHA1
69d723757a09037ad86315f50a108e9691639b8a

SHA256
a6fbc7feaacd4f26db275871e82adb6a211a0cadf8ef885a448f0a7dfabcbe36

SHA512
7533cfcb75e9a86020e958ed8a7bbb12a45fc9920a92b72bece6e81e1ceb22129eaec64489f2c76bacc37ef3bff1025d346c29cc1cfd4c912d867f47cfacdd66

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-15gkzu0.mcgr.jpg

Filesize
57KB

MD5
2366e347154312e9ff58119d8a26aecf

SHA1
cceced01181cbcf68936f0348c03ef8cd189bd37

SHA256
e6226fb30051dcb8873d9828b631042ed70794c497183107a626e2003828e3b7

SHA512
3b66073812c21beac759da9efc5eeb99731376fa9cf31de5b682f4b1e095772b2556865c4ce7a0ededc032b5167eb3ec1b6126517e0d7eea333a7ed5267045ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-162bw4n.0uc3.jpg

Filesize
92KB

MD5
eda683189d65f685274cc22d8c40882a

SHA1
7b2db615dd4843cfb04066e594a7cf8dc959be6c

SHA256
b1a9eb09488e0ea1b71e9b4a192f122c90024413da95115725daccec7086a71e

SHA512
135ffd535f0633efa33d7f5fa6f9677fec8d7b306a0958fd03f1c0ff109aafb1e4ed095557e6653caa15dd2afb5a7f174724a931c105c0c53c1c16edfb182ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-1839ibz.1dhfj.jpg

Filesize
64KB

MD5
d4c44fab69922fce4a69f474a1432875

SHA1
7b22fc3f9324e3677a3c3657d7f782454633b921

SHA256
e7f261a9235ad964b0388244423f4c55dd62708ec01c6ed8f3191f22009baa0b

SHA512
0c01430a924aa51ad6492eaaf9367db6bfdff52d7ee145f916f91119ce93ebb80919ba0dfffe41dfdd445c1a9e581627357a34636f30b35efb8c4d5bdd70c209

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ddtn9l.kuuw.jpg

Filesize
24KB

MD5
47ec0f9dcc495c8664b7b31ee5063878

SHA1
bc1dc59a974c94e6b46d49bce438d8e87572b1f4

SHA256
ba7304e021a1759a8667f9ea2e98833aa991fb6da32ca0181d34f087131e06e6

SHA512
47713351583c385be7e79b0bc5262ff46ec3723f7acbf365a533f6c7a3f5a9aab4c765ec58cf1d954a690f8a0e994e55446872968b8dc9fab9ff48a3d40c0720

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-1ohh5fi.v9ay.jpg

Filesize
24KB

MD5
71150432e53cb4203f969eb9b9adc92c

SHA1
e6d73d8b36788d139eb1ad2268b3ebec803a574c

SHA256
4b52ebf1705c397ed48017b3e6e39aefce6c235f32a33878fed297518e64d4e7

SHA512
c3dcbadb3f9a02db359d05ddf137ac8bdcfe8567cd889418e2d251b0be019d52cc9a26cd0d1d7c72fb44605718e5cb5cfaa334d64545fed46d70e5bde32aa1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-1smpte3.4n0x.jpg

Filesize
93KB

MD5
acca76ac7526919a0fe75ee2a811fbe7

SHA1
8e89b36b7cb6de0971c6932f1ff4fbc6596372bb

SHA256
f0dc4be6b56a6c74c933d5010db4f426848e8bdfdcb13cc260f5d5e566cc70eb

SHA512
9bdc6aeb5175d1393604cb2b8b7d6ea20c38de6f9bb5037b735aa14ee703a4bf55bd26d8db21e18409bba6caa2aea2f813b1a564b23f9f5285f872a94cd032bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vk0dlc.lsmci.jpg

Filesize
73KB

MD5
144a90b8446138974a57c39322eb32b5

SHA1
ed5f0dfbd1cab20bd8f04d86f06cfa9c23ab745e

SHA256
ca2beb5c20d66adf977c78b33b295b75cc786b08202e8ae069d228efce0f022c

SHA512
b407249053e8ec8581fa4c4e82a1799051774b873195b98247ecc6302db569faf5559743077b045ff03aa48287a8173df8408b550955f4d41d55fe8a2c8149ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-1vt9igd.ofzy.jpg

Filesize
83KB

MD5
87fa2b15de835b0cb39318590b88a89a

SHA1
dcff4e0262b4b24b529db2e51452b1d912dcf757

SHA256
1edb0c2dffc60faab5289e26342e448ab9440d802a8f25f6a4f404db0ece51fc

SHA512
42287ae6bb4d8d8614e29de9f078c97f54362e8b24a4b61fa30cf5c0d7658eac5e40dd9e4f657d7eda0db04762533681e66d6262ecb09c22fcde7c90b5de2bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-6m0d0g.wus7b.jpg

Filesize
69KB

MD5
db82a6c9bb7aa22b2f66185c66f420ff

SHA1
29c7ce69643d30cbd1f3ec7545297875ec9b65d9

SHA256
37d88fcb2cea18e884f5d174c7814222672529a6cb525e93373e99d34e90b2ce

SHA512
2be26c6779d2cca91fa31fdd36a0fe2c8cb5b2beb8df4fc55dd557a7f225010449cd72fbada8f72bee212d3e7a65aeadf98c032bf16d40e611cfbf6938e4d3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-6welky.795xr.jpg

Filesize
87KB

MD5
a2ae02f94852d895df7efd62637f0274

SHA1
08458eae3f33f8d8c5274d34a2ccdc547179afa2

SHA256
3d8f7149d9f97944b0572b4bb81f527194463d263463cf9d399039eefaf65b2b

SHA512
7ca7921a23dd4b8ff9d542c3365ce1712c0500077913894c3fad3a03b77e5fc10d3240a4870dd006b047eb7aa496065ca5683eadb8f5ab1f95f0f7559bba98fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-9quo2r.zjrsa.jpg

Filesize
85KB

MD5
caa1eeae36be22607c8ab2ecc457d46b

SHA1
6751535482871275cb854a8398d54a00fba67582

SHA256
121449f1e5348847bc663ea45eb15d9e71100adb0006291691c23cb8cacdd6ae

SHA512
f8717f4eb6b875f46c39f924d0c51a629d712d7987335e68b7fb4f7dc719beed5e687e5fbaf9466508988c0b7780c9e9339a30567629d22be043f452fce16f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-ngg8py.ckxbo.jpg

Filesize
78KB

MD5
e211b163e811b6a0f4155e3e6b8e38a3

SHA1
a28af3f8fe62f77026a94517af2b37d4ada92dfa

SHA256
52a1c28dc839e0b9c32f7bbd7d505ae65e32205ba894ea9c098708e859497896

SHA512
8757879d3cb9f7383916f2cdf899b22668d4497a2e9384bff028ea9eae3d60ad22942c68fb3f6497d459f47c6933b7428149e61115463dd2d701ff9d3a2698fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-wu74d9.zpp9r.jpg

Filesize
68KB

MD5
677a9913866ed24cc3f45b66766c278c

SHA1
d62b84d31361ba70c85e5821766e66abc4bf3d8f

SHA256
c919d4c9e0d2cb038fdefbd053bfbaf270e1925c826ed56522237ca80e5eeed4

SHA512
8aee8f0eaa62c71600f03856834c11596bc4421ce33a6c38b0fe611aa15b7c2b205562606136778c02d2631f9989fe4101240787ce8490e983d4358ce0738cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-xjdqdw.6xbv.jpg

Filesize
57KB

MD5
386fccebfe23114da2a5207cc56fb234

SHA1
8b3e4eae4ba5bcb59a1b78e2d7a8742b40678622

SHA256
db1fc0785a15433b14451692cbb83d73dcc2808d1edb4e2770efa13390d32aed

SHA512
e2f15f19facc3450a9a358def23bf0c990788fbcc4da35e0c284624fb13d65e370309546d3a0bc8672235d0c3fd3f4a760964c816fbae0839941142a4db41832

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024315-3920-yl8sd.nxryw.jpg

Filesize
91KB

MD5
2776c0a34fc6bba34f2c5f41e6f7ca8f

SHA1
7d0badd1b05c67b39c16e5ba779df5f301f403de

SHA256
a5833ffbe7bc9690fd96c6a5f6088c68f4bc958ebb6fb835b4e551eace022ed0

SHA512
052976b64eedf20d32e26e8cbf239d4e8208b269f1968a0cd33bd474ccc2ab2f7052b89fce3a36be149dfd32a38974f4df1f2fe5986fa0e731f44373d7cba721

Download Submit
C:\Users\Admin\AppData\Local\Temp\2f93wCg5iNrZCbyTZcnM8I0tVpv\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt

Filesize
240B

MD5
810ae82f863a5ffae14d3b3944252a4e

SHA1
5393e27113753191436b14f0cafa8acabcfe6b2a

SHA256
453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c

SHA512
2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112

Download Submit
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt

Filesize
231B

MD5
dec2be4f1ec3592cea668aa279e7cc9b

SHA1
327cf8ab0c895e10674e00ea7f437784bb11d718

SHA256
753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc

SHA512
81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\LICENSES.chromium.html

Filesize
5.2MB

MD5
df37c89638c65db9a4518b88e79350be

SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50

SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463

SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\UnityLibraryLinker.exe

Filesize
139.8MB

MD5
3f07334dc5144f7e22b4aca05223502b

SHA1
77d8ac3a2706a27ef4d93b84c855d145cf01c75d

SHA256
7d9ed7ca12f61c1095af46fb7d33dd66c437553eafa4c088a9d88c40a77e61fb

SHA512
bd9234a6969ffb121a5875c72e4dc446e6923d6944e7d7d7b6c989ba65c0bf96a352307d7b392a9bddb0eefa13bd4b83272b5fdd7ff184caebbf2b48cb2bcccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
b51a78961b1dbb156343e6e024093d41

SHA1
51298bfe945a9645311169fc5bb64a2a1f20bc38

SHA256
4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

SHA512
23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
12cb29b61007fd6cd166882635241038

SHA1
31bacefd2d7238fb5ac77f728bb39a27b400dbb0

SHA256
2e60bc5a05d3e98d12d2bd577d63b6dc77bd1b3734633259fcaf50fa3688ca9c

SHA512
cbfab7708a01fe47904facfdf9604025d6f1c680e40ada0b4c1b1ef35a4eab7de5de96c22d0491c6d202175d2c66693216efab6cfab73e316d466811d834b126

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\icudtl.dat

Filesize
9.8MB

MD5
599c39d9adb88686c4585b15fb745c0e

SHA1
2215eb6299aa18e87db21f686b08695a5199f4e2

SHA256
c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859

SHA512
16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\libEGL.dll

Filesize
437KB

MD5
979b72ca6e98fc7fdcfcc50d77906fb5

SHA1
dc4b874f495ed73c90b39feb566a48a081371c4b

SHA256
73d1f5880980a2ccb8e5a15e285a4a11fccd80754829e85aa9a3b8ffecf39dd9

SHA512
bd4d25a591d1c52d9a4a850a5bccbbf5ec8d174f5f093c0fd611a18af8d337b918464220a4f9591d03582aadf1c9cb392596a5449fb7d0a928889b0f65f8c619

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\libGLESv2.dll

Filesize
6.7MB

MD5
5300049a47fd88310ef94f9e37eeb247

SHA1
89672d16382a75781eeca002c850c17cfc46e851

SHA256
33863ea4047e4eaae8f24bfa3491bb809d4c3d44489ae2bbe5e3af9e5cc1fe50

SHA512
b38ef83cb40923654ae1efcdb8af63e1fb47f640a0cbeac350b97f24da1365da23d757cacef1f9e994ace0b076b4bc1408644347aec3c94995bb27d184a93c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\am.pak

Filesize
180KB

MD5
b319cd4192f5bd03bab4644ee51e4ebc

SHA1
49c52f43f542022a97d2ae18a56a266deb901496

SHA256
ab1d0f3bedb5806fa7268773b6193928cdb40e641d8563c14df1bf962434d5f2

SHA512
3fe8284422bb7de7f2e3e121b8657b7686586d597b4d453b2e38f119fd25bddd61c1218f22cc8e4bbf37f393411bb866c0d6c166207b5bbfeb45f5459e29e370

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ar.pak

Filesize
185KB

MD5
d7eecfb7cc52b3dfb69d8047dc6aa12d

SHA1
fa5e4e98395c4bb14259c2e3c36fc84b55f0c3d5

SHA256
e38cd21fb917db4671ab331ee505948e109e2a0c6a2f3ad0e64d09863efb7df8

SHA512
2ebc6f7749e50bb3a9c27d2235be1478fc2d58a7b6f5c4cbbda09ad4f28ee3873881dda16ea668eeb63dd259a23ac68c73e4ab4295d51a22c36284d9c8667ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\bg.pak

Filesize
202KB

MD5
8448caa7a70f74dc0c6e453e7487bedb

SHA1
a7f67df94ee9532d26c6e6e827d61414f4516d0c

SHA256
19f49a247dfa1328799a1be9a556d940618ceefc04a5dfd813e5c023d086a41a

SHA512
337293839e64f514152c7558f2d1cbb301730675936ecfc11242d1346c9da535896dddaa8ad563a40303cdc8884f80af679c324b31325d40b7141a8738ab14bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\bn.pak

Filesize
261KB

MD5
124d35950327fec461c07dfb6dde72eb

SHA1
f3d7791dd6bdf88f65a62ec2e8170ee445b6a37a

SHA256
def934201f35a643c8b097be42fe86f2a08cef5523cb61e2d94cb33ae373f502

SHA512
05a993c9ba52083b8a7f0b3662eb8e4a873d23f309d334cb4e4088fa5e33d8503fdc6d19f247c4920cdd91a165995c514b2a061c26fc44f89e864516ffdde9b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ca.pak

Filesize
126KB

MD5
90d8b16ace2fc684d0ddde0d71f64831

SHA1
ead7dbeffb3c102d3547c8c256135991b547ade9

SHA256
020350f4a902c79e0f1f5366e209b2c309ac51b6e72d9ccf51cdde2fab756e3e

SHA512
bfeec65e7c001d7a29c18e6bfc2b4c6688c828419d0e9823d524a7b35c24a3303c1cfb8f14a98d965d4ab41c5110842ec64cb7a2928309b0bd31291e85b168b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\cs.pak

Filesize
129KB

MD5
2c9e55ed46954a8eaa27105f3f074ca2

SHA1
bb4a36964cd1e8f140c9937586b5215fbd7a9632

SHA256
86f1847450d5c341893fa097fa6d4e0964963c0c2466a985d014dab0b65f34e6

SHA512
cf7141a3db9d44c0940e88ded1f326b5ca4031d18f8a8236b313c6a6c41289e9dfd12c3367181edcbd5425deb584b082df004bd6db0ca55a1da151703af575bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\da.pak

Filesize
117KB

MD5
66e780528890dc0f484a3d6938ac281a

SHA1
5f46f7915cf101b88d29213b457f37e24d5a083e

SHA256
e698945093c1f562d0e591c03d9670a9b01d0eaa56a2c80c1d12d91d88b7b407

SHA512
9cbc2b054bd3f9d39050a4a189fcf0127a43b9991ecdc9453679c53b38cf8a25138057648a756e01fc9b4825c009a8894ef68b94faca83cd35d268fb05556af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\de.pak

Filesize
127KB

MD5
8e560e240bb79e453167f70409226619

SHA1
bde183d2191d42797a300f0c4cd83e1db278c928

SHA256
61c4a4b5c309128ba86a5345db04798be0680905543c6986f7b3cc4b1ba72729

SHA512
5564555eb203fe86e9630dc223e4012c7e3501d68554b6b7138a3c6064d39b868e7e2e0e8b994169e918e9c6f67066440b89c7ab10f48731a84fab84c2e7ff82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\el.pak

Filesize
223KB

MD5
b3724a4dcb17bd341da403acfdff0bf5

SHA1
05fc9eb29381f1befbafb937c564a87205779264

SHA256
0adb6e5173572ab4a3df5671cf053196f158294bc1e07275a7e6fb6d8da81b06

SHA512
3ccd57eb43840573bbd7e6d8b24028213acf58040b2795a975ca4750e4a9500d8af74bebac1b47f2d9b87204c68707d53b0d927c0aeac1fa1bfdb1c899e66f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\en-GB.pak

Filesize
102KB

MD5
05f7b55019ba0a9da84073cec0a954c3

SHA1
b46462fa8c614161ec42fa791e4ce3163c92ea8c

SHA256
a690e642a6b781efc3da2e8c83e554d6e8b9ae6ac34f6f0a4f327dd9ea7cb7f1

SHA512
30e93503db60b8c7a8dc902efa960583316cb83337eca102f0bdafc47d3b59ad5ea1eb99b5b9deb0ff66345d551485963e4c61ce555298880aafcd298057fd34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\en-US.pak

Filesize
103KB

MD5
b58cb46758c6bc8fe4385ec2ce4e50b7

SHA1
34026e96e02220cea46a31c2319f695ca2e0a914

SHA256
e34c459684971971765943e8b5b2d1751b329a9502f0fd6649679823f725b8c3

SHA512
702384f9d6d77da08fc8c49a5f65957c56e363e1ad37f9d0611092d248db1f79636a6cf336e55669e002194f589f584b5663b4d77e54fa95e18f84eb4864d7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\es-419.pak

Filesize
124KB

MD5
f9958dd6ce0ce1acea070bbf317b1160

SHA1
0dbc4020e505a053cdbe6a0a9506829498a8a25c

SHA256
ea868929f537d48e846f86020762c59c77a0ec67765c3af22e08fcc853f94c2e

SHA512
35a6e5fdff6b4e3a076eea70b7c551f1d303b4db4e63aabbbde54b4fefe40d750a03440bed7851f12750661ff8b87c5ce3382b0c71d0e171f729a7a82f968cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\es.pak

Filesize
126KB

MD5
09e0feb85585bb4a220a3ab3f21adb9b

SHA1
e564afb37d5f5305585ad1081a26b34ebee73ccf

SHA256
cf7ea140dceac78042e0d35da45a4fe732eb04e1d2b138bee4cc2dc5e7e9a0fa

SHA512
8317bd2b4f509edabac1a74ec32bcfd54b14598799537d90178ec349cd71fe967d5c677403c85e305a6f2e94722c20a83e65c0bdb29a6265c5355683856f4ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\et.pak

Filesize
113KB

MD5
3ca246cd997a68bb4a6daa8b3b81908d

SHA1
842bf5f6bdd29ccccb24ea412497acdb37a5f805

SHA256
25c1e1306160779466d8c039ea296db65d12dcf21d2ad794a36ab62b1a7901fe

SHA512
32135a0c29bf666833292b557634d4510c185f711d7ad8625e981811ea082dca0d1714f481c9c8ce8b3acefd18469093d48fc05bc0160ffb87d1e2b90f4cba1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\fa.pak

Filesize
179KB

MD5
46412682e8d0743714fc28a520aeb35d

SHA1
dc6bd723efd460a56d205bc199e3be4c98698ba4

SHA256
9861d5260b98b384603ef02e97dac0295fd255e550b57fd427bbef24b1cd7b17

SHA512
c77c5344c6a7af4035f865aa7e3a3aaab39b11c4a3bdd94aa99f15dbc6ec7cf4b6057ff48fd55e2ff41041728fecf80dcd488578dc1db249ab1b7598fa438f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\fi.pak

Filesize
115KB

MD5
a3b5292c5e2e981dc4ce9504f638a542

SHA1
6cf480f3d7cb5df71bdd4089a1821f2eb2dacecc

SHA256
f4f2438a3810ccda4740442cdd964e43883cdeb820715cbd7be03cfa6b1e55ed

SHA512
6ed819896e2aa72d73bd2af731f7f714119fbe7d1fce5909d1a9d9ecb99c6369505e6d33f1f9ebadcb0da608f9aec365bc6cb5f6e22373d577cced7e317772c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\fil.pak

Filesize
129KB

MD5
7c3df3c13393e1b24e4e96f2b9082a6a

SHA1
caae1c99b589e14184e9f2c89f698a2558f4ec3c

SHA256
27196aee4a6248bee44ea2b5a3de90ccc2cd53f8ce1beeb796aa4d7e25bd43ae

SHA512
2d85d37d9560cd6ff460e32c3c569851ae28d794b5319ce74c010cad527c4004e54c993d5440bd22d6e51d86c4c4683f8db03c38abca4839a10e2efe46ae35e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\fr.pak

Filesize
135KB

MD5
a17cca5f1db7cedccda9c5a7784bebd0

SHA1
c5e0a0d24a14a535406886c00ad10d20638341b4

SHA256
e8da96855f7238a6ee3162b08d46e5ab84d98179dabf535060ef5fccdb36bc79

SHA512
0bb2217e44f1c8cd9e4cc2127454e1fd137c6fa101914bd230b9089d6317f599c9dfdddafe3d5cbc0fdc036e7b4f6e5cb528bddc572b5e26c8e0322f1a7d0b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\gu.pak

Filesize
252KB

MD5
10c1dc999bc7ab62e1f26b0497afa7bb

SHA1
68da1055b8acdf016b152a2f401322d3d76885b5

SHA256
b9690f3c550deb0827e409015abf3bcaab01c9acd33e96932e85ac84ff4c7831

SHA512
c10a956fdfab446b74f1dd2a169201f0b7ddc4ff1d7a635b9c81f07942ea0d34ea327e2e7f07e3a672ac85c8b8ce7a0e871d02946da4fb5e8e75713e56cbce61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\he.pak

Filesize
155KB

MD5
5db44f8dc63c819b0ae2a5458e36447f

SHA1
6b440ad4bdef6acd31ca8be5d085db26a49a209b

SHA256
bee5f133cc85f8ca280f9f41df6790aa65161fe8dac8dea7e26fc609240e84a1

SHA512
cd0d104597c5c926480443b5d1a16526ec0e48c3d6dca6233ec7cfa63f01f2f5674d9ac9a86a45b789a94fcb3b63aeaf92351bac2f4920a25dd8d4fcd1edce19

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\hi.pak

Filesize
260KB

MD5
815dfb3eeb9a69919ecf2562b6d4ad34

SHA1
2d0fb4c2a19b7a991974783b51b13c7b3610b686

SHA256
a480e95a5cf338a90f7d077e4147f45696db9ad6e8cae1765ccc5ef05fb48505

SHA512
0e6c8374ed7f6f3b523c2dd5455b598ab0650da8ce3a8243a1a42c6327db9a694947a508a90edf95685c84120cc73964a16c7ec49835ea398dcc6186d08ef1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\hr.pak

Filesize
123KB

MD5
ebdf0ad52e9a0f8c8735614775ff5a94

SHA1
787feb9f703daa094814464b090aa5d36725e007

SHA256
b9c21e5187e8649157f5e49e014b8c285866ec839638344a31234b60a17e7d47

SHA512
e2853884687393fa2b0f8e4b27af5664c223fd5bb2862e5ef788f912771eb9d61e7ca1fc39f29ab679f49986b5a95b9da44727c69c99dfd3bb8ea2f4e974ada3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\hu.pak

Filesize
134KB

MD5
4b5fea4bd49738337ab10bb3f1e6bda4

SHA1
0f27220019e099b658a9c563995dc2b022fb1d68

SHA256
e526c9c9a8c4d27c432d3cc30766fbdec6c536b696a7ccb7e9376f0e55147b90

SHA512
4e271f8ca0028ff5b8a86e8610174739d2d2b7a267381562bbac3543d03f6895b3361c2f6fcfbcaea6f5aad1690e878ae0de5c905de12b213c2c5c396caafa66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\id.pak

Filesize
111KB

MD5
39378b548f712608903ee8aa25db212d

SHA1
7f5a3466a4c8609c6bab7ed3dbc9fed52cfe1e62

SHA256
426a302448ec17e313724b38bda9ad4d5c031da48a1ed3690b547b51a06229a2

SHA512
7d2d823445316f5a63df286af2f1e28b90b8e3a04aabc835020b17f690d95f7ba2d0261876495345876cf826fc57dd0a9577e79af7e609adb8c71b8b4ff03550

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\it.pak

Filesize
124KB

MD5
5b03bfc915b62aceb06b9c670fb77e33

SHA1
9c88ef98dea5a7d7be8571354ad3c033033a40b8

SHA256
1f9a38c852c05577aba397c388b35037eec6b9d90593800b5b57bac437b42684

SHA512
b22c4db0b56c136e9263a15bb2a31a9213ac20321b189cb0572bd1f0b0b9989a7e698d94750d9c5d01557f4b247abf9a8cff1940bab03fdb737a8276d96ed1d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ja.pak

Filesize
148KB

MD5
640bb80728453be0104566caeeb8eb82

SHA1
362b46036c58421f4b0f9b2f714b21e244aeee44

SHA256
1bfb337c19c9d04bc53df2d2eca6b73c11df33b6fd07a6a3fce5427ef0f38cd4

SHA512
1bd764ec56166ac59fd2acb1ac81140bab2ba7f326c0bbdc9cd30ff6246fcdd98e49310b0528fb0d8a9256ac06ca3e145a3906a1815dbe395d989443650f81b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\kn.pak

Filesize
286KB

MD5
5a599f47d2e2ff1aaf4c8ccf8bafd10c

SHA1
32aa52f2e90348725eb619187272e9c5a7396bd9

SHA256
e55425a4ab6425f60a9389e5c19dcd5bf437816ae09a21cd53750819040143d2

SHA512
7ecb69b70d5782e22ef9047fbfa29c0778e894c5cd987d33d65e68616ba2a42a133abe16f2af70aee4fdcb34c7e8e3d3bc3c556c754a010132610628516ad456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ko.pak

Filesize
124KB

MD5
e2a95b73f9081efce223a180b7791c16

SHA1
addd6ac05707597b917ff9f7c3f7524be26df7ca

SHA256
afac9566a4e1fdb2be75faee46bf9182f81b85373d60cb583f1051b12d9719e9

SHA512
70eb91347c21f0e648e9fcf82ffbef5e3eeb6c0268f85fddc7ad4eaea2e22eadeab653476196240a75361505f40b0bdf8602b0f414faaa77354f0fe76ba4e09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\lt.pak

Filesize
135KB

MD5
720c1b3c95e8613f2cd9e40f3d160ed6

SHA1
1ea62b51f1a2c80b92e3348de260032427a9c79f

SHA256
51027bfd566fa26cd561f9bbfd2b4a6d2e41e0ddd786b7338cecc43423b3e6d5

SHA512
32ad5243df09d642e058550d2ec58a8a8de00cc442da551c195958a95af7c82c4d2b63b27d474a065b0ced5680d3e005b2a36301d02fca09413e165089f47822

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\lv.pak

Filesize
134KB

MD5
fe9ff0063f35ba05d27cba720e2e69d5

SHA1
16a87c24f027eda9865df7090ac8023c7ae5b57b

SHA256
43bf3b7181b607d8769da6c2cf671e2a429439aee253dd774ab5bf5aa5fedde0

SHA512
794b1b87ca400798574be56cf8da9adef78f1f9f91dd42fb23e6355caf0455f8d982f2b3d9bc252673704375eb4ccf32d58ed1cbbadf8780590e5777ef41c035

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ml.pak

Filesize
302KB

MD5
a66617706e80fd5ff8ab6ba8dadafef8

SHA1
3718d0afa1bff72ad7164e41cb46981811583422

SHA256
51b2c600046abfa5774b85665d4c882daa3c90bad5559185f9335ff61f04fede

SHA512
4de6fabef9db34791d0d165b5064e68ffa19630482219e4c72e6dc0f9e9e56b1941297862bb2e267cc02c3d3327193a233f642b11cf74e1892270721a2d7dc74

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\mr.pak

Filesize
248KB

MD5
da44d4ade4c258629118dbf534f0c2cb

SHA1
d93756c9d2d2db7755b4b7d47042a451435cca7d

SHA256
fcf1d938863cbc4d4a1d62de0eacbfd17fee4a0f5a9fcc09627bc22a98e268c4

SHA512
827c291ccfea31799e2fd48ee35aa179006a7bb3420c0346b5f1291abb4560f84b952a2bae820ef129ad77719edb16873328e7f0d030f9e2970e0c620fe59328

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ms.pak

Filesize
115KB

MD5
63c4977a1e8f5ab37881705d084b47ca

SHA1
f716932d886b8a5441397dd6a8625cef88e85bcb

SHA256
8b18fef24ad28663e4dc5a5113a35111a78b848d70ea7fef4156ad75bdb4fea9

SHA512
3afd4f8db5a0880319b13009bcdc14892b8710b2ac91dea8641f1f632866ac564791f1d302e1208aeeb9977e613fefd6bc7c0a0fd5cb5d031a768362bc0d85ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\nb.pak

Filesize
114KB

MD5
23d5480b833f65f1f55cc3bbfbdf53c0

SHA1
639eff4556e4d6c879abf305176f23c014927042

SHA256
7ce821732e743c2da1f81527355226df11a21eec137940a034afeb34618c5daa

SHA512
b46b25a4dc294dab0f34e5ec733dfe7e1c73c6ce2817640a620e9a0c196292a7a4737f0f10806efba4d5831d5a2f0833925083983927b0d74cbc5c46e9c8b953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\nl.pak

Filesize
118KB

MD5
6e404adeb945cb7952a8c4129e098759

SHA1
a870715beab03f3a53c74b5aac2f314b517184b3

SHA256
7531e450f725f7ac75ceaeceb09155786d367a4456f4e71e7523af9219748434

SHA512
30917740d923ca25fb9f3c32bca100d58388f5c6d3516a29f3a39d1ca8ab3e4058b271224c8b9554479d91718cca3dc1c9cb08b38b19ccc36a0d57ed0146ab70

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\pl.pak

Filesize
129KB

MD5
def25f809c246d15d8a2f41a78b504c9

SHA1
4462b50e5613b1519987584d974fa0efd1812ced

SHA256
165005f81f071a315d0c4183fb3bc899e464c4cbf2dc450ffa09ae6bb5d517d2

SHA512
e6f17d5426ba98348209a51632db0cfe19287baf3752948bd76acb77b7eca51aae905adf7c316b17cc44856231d034f044cc056b0e0f1ce3b4999dea29597cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\pt-BR.pak

Filesize
123KB

MD5
7b7bf21b01ccfb27af8cd37d738f1106

SHA1
da1db09ee88c005610ed08dcde1b2cd73bcebd84

SHA256
1feb01da1f443fee8ff01c3b585d8f0ebe6a5e242483cf6f0f93088e76913e76

SHA512
ea0bf1357616fd33b41c7189eafd2948324bbfdedb043974dcd0f78693fe868a4d37ee2c0e979d9795cad63cbe70fba0794641beece737886cf92bc29622e464

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\pt-PT.pak

Filesize
123KB

MD5
b7598cb8f05f465909ddb0045d60162e

SHA1
b794c944dd5287e550a3e46bc9a0584d3d753eb1

SHA256
c338f6de946cca52c457d236037cf1c9f13b6c73796b713f390524f321b401d6

SHA512
a53e9d6af760c4aebd418de134ba23ebc27076b02082e9eb1afb1bb7ec93a45ea22a4961c49023d7ca8b2d3aa99462ec35180797982a481ae823ac19b4b96f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ro.pak

Filesize
126KB

MD5
1ab0cbe10cb7c3d5beadc7b04a881885

SHA1
eca1fe3842b4a1b070a0f9ba1a27fd3e6284ba80

SHA256
9a80b326b712debc0d6e9639b45352fed1c4a49ec37490b49b8506c636fd2947

SHA512
581e42422db7ead773990036ce49a5d2589f3af610604582a4820dcee1c37d2923fbace738a42cb8b87407915e1693bbca6a2234a0716c7c8d875ca30915289b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ru.pak

Filesize
201KB

MD5
d269143626296c69906523810139e9af

SHA1
43abe13a4837892644774bf06eb89cafec49ac95

SHA256
b1bd2d1cc678784ab73a691d4a3dc876be78eee0a30661ac2666a9b8ab864ecf

SHA512
76b0cc1841dba7d4b4175b0c10d6c36c7f3e8ea4ad0b4e4c091391e2754913cb6c02f0285b73372d604a395b23995998090a0c68b607b4106226b7ac67ceff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\sk.pak

Filesize
131KB

MD5
3ee3730ba0f6894f2651e4e1be37a214

SHA1
3a3adb77fcb6d0514a221e6671d815a1cb7a2c35

SHA256
23c8d9722e0a2e22fbc8ae1bebb9cff456fe026c986a211565fa9398376e64af

SHA512
000928407693007645230ab593a6055e6005e6c2cb362057ce8a1915ad96030a03b134ee20e3197daac9920c69df188867d3c5a603a3e36c2eccb0bdcd549206

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\sl.pak

Filesize
124KB

MD5
c20064c5c0dae644ce4ccc0a2234c128

SHA1
a50411c1431ae1f4fac74a34f1716809a0623380

SHA256
576891a9a61b9cd50024e507e93d32476332977db8e29ef3d46427015d4d26e6

SHA512
04f979cfc813c6b1d3a5d9b3b306c415529a1fb72e415e2742ee25ccebf04bbe3abca91bd66aa3633a97a1383f3c4b915319b8d0b25c0ef6eb8c2e08312dc01e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\sr.pak

Filesize
190KB

MD5
0cf9aea120b76672d2b5e30e928459c5

SHA1
0219aaa5d84847fe86762baa82b7b8b301239c9d

SHA256
b6aeb180462d8f312762a419b45c910929e2322d45bbf2b84b0871ccf7838945

SHA512
e79a0800571ab7b64602db4941b689231edb20d65a89272b7dcae53426b7811791df8f6ef174c83680a6adf931efc3d47f133b971254c139e8b04953b8a10979

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\sv.pak

Filesize
114KB

MD5
007d56b78104f7e245f7c84f07949f25

SHA1
8e3104a8c26f8418f44e19640d9babcd68a640c1

SHA256
e6c9329d7184190a0282f6440dcad5531f9656514a37b7dcb5a510ef17f3793c

SHA512
30c492d48aff33af8a0290cbe29864ff5c7d46dc50f5c4c6d5c96e6aa273926840b28b78958070e1534038e66c0142ab65153d32d28b56fb5dca28844370a946

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\sw.pak

Filesize
118KB

MD5
89c5dce32ff87d5fb2b8e815f7e4cbab

SHA1
ca3138ea6103a5ba39e35c53e980b44c9889d386

SHA256
ca8d57f632880f7b736ef7f8c5f35ddc867e50919b1f7d835bae76f823ebed13

SHA512
9e3ded0e33f9441f31e95317ac6a7a140ee5c63bea8b1bf8c03952804fb6783e61e7971d5cbe1c698d3c4067233b78bf37099054fcfe38b091829f5435e6d435

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\ta.pak

Filesize
300KB

MD5
3dcd0523ccad674f2e93de57ad0082fe

SHA1
fd4a28ee288a1f33ee7260ae80df93aae9718039

SHA256
72ef4527f01018c90c583e48f37d20bfa684012bc00cb9ab5ffa3e222b9c7f3a

SHA512
2ec95b89051b019e98e6a1852e5e89e1c985a10998af1cb2603e5766698a2880355d8e6b959e60e9edb84354e99d0286708027c39a8add816c172ad1efe35b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\te.pak

Filesize
279KB

MD5
1eccb7be373fc3144ada2df9e493cc07

SHA1
eef3e05afdf910671a046cf90291c17731bdb378

SHA256
bd0a936ab62ab6ab172a192b7c082b824706f6b3d88580a6b6be32809354fc2a

SHA512
ea30d14fb7c2ad54263e12eb8469e6b058afb30448900b55d944aa87e266d735f2a04d2f29303087f2d13f379483d681285182e6ad2bb25bf36e311828e2a08f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\th.pak

Filesize
235KB

MD5
1a66feba0d44231b935d83a7f36a09a0

SHA1
3e674234b10350ebec218c904a9c90f3edd29711

SHA256
11fd04f3b33d09041d646d34e61fa15b96c12dbc62e229b64306356de6155cac

SHA512
b7617094a6d27670c0720dc5dade4a866ecdd68c45c1b9e6dfe1c3074dd1957bd7459210d111ef33727122666b24c2449cce9f3e903aae59dcbe438b38c8a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\tr.pak

Filesize
121KB

MD5
2bcae092530d06fba9b23492ac4a1d6a

SHA1
4114af7364210a4bcd10099911083de2abc25d40

SHA256
65105386d6b52445fdc7660648259b43a04849a05035d749858d9f64d4209836

SHA512
e87778246b98d87f2f29e2abb02290b829cdcb753fd9b184fec61b0523452e262527432b73a11eba86d547ffce2ce00b4180ae8367419e2174b825ed290345b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\uk.pak

Filesize
204KB

MD5
ba2462d8b3b975bb265bcce6a3410cf6

SHA1
3caba82b3e14350a33711db68d98e6d211ac9fe5

SHA256
1dc63c538f6b96cf4e70284c078a6e18f58f599db2a2ec594da23b244944c9cc

SHA512
a46441e2c97032928dfc19b178cd3261887b7076917a4fe829083151c8298703c3921001cd62c630b35504444f069973605b487c954623ce16682491fccb7d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\vi.pak

Filesize
144KB

MD5
806b7d282e74565b95264ebbe6794d48

SHA1
3aabe2d802283fb9b3ef43932c1b7638ef6a1053

SHA256
7b4bf97b78a07422359b709ea17d1d6aa038e12ec420cd0fc7dce4b313fe4af7

SHA512
7380b7a2b239932d1167f194f81a1c867983fe318a1e48d246470de0c94837edd6c0a641e06f888e36ff5041fc2a69d19cf1a46bef816d07fd3ecda42b84e524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\zh-CN.pak

Filesize
105KB

MD5
c82a124cc6e87ad403a67007b9c1fdb0

SHA1
1d4f1c0a3cda7d4a75a0f4035bc6d2718102f09c

SHA256
f597245963ca7b42b2a7e5e80af5258972002fd4bcd3a21c875e4051df3eb1a9

SHA512
5e45df31658039144316299879b4f1de7eb157fb830d08e8d93d3ccc2e033b1f8e2f59d29e11785ac8346988d5ba2afc373c01bc4a58ba3cc4439d9aff1ada87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\locales\zh-TW.pak

Filesize
104KB

MD5
ad19e8ac7f2b5e5f67b9f5671299d19e

SHA1
4a6936a4971c2b9a414f40de3eb5dafe1b5b3e52

SHA256
e30d22153e0860246c8c37855a385471ad1e74e1eadf56476a1ea980f9204d86

SHA512
4f283deaad6ef0327baf7cdfef063293d27c1746431261553a6c7925832fe77c8017c6d11f36c5ec657ecd3b563099c9e35bd2cbe52c12ee734f4bef9bffe077

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\resources.pak

Filesize
4.8MB

MD5
2db0729cb0a452b13400e0ad97a46a8e

SHA1
2aaaa7e0e932e7b46958214cce81d60099cfc2a0

SHA256
af41c2d4484ee3b86b63bde75f150bf67f78a6257d91b397b6b15d47b041e177

SHA512
967bcac22315ecbe76c5a1cec4439523a92710791ea6112aedeb2d294419714e7aab5526f868898c6c2cb83886dc98c694dddd314766c2ae373f55f3529a65fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\resources\app.asar

Filesize
65.4MB

MD5
db35f35fc23eec378c92e258c5fd538c

SHA1
586a500300a8b13edf687acdbb5cf031f5ae6f6f

SHA256
2912d455163467bc13d8ac1b64fbb20998dbb995ee175e4694581be4f183f5d4

SHA512
73dbe2787c3a53f2a76c195c695fdfd13e6b093f7175f7b1014a69df746f69ed80246b7140e71a638207cd79640ee4780fc0a97a783e7ccb93fa4d8062706496

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

Filesize
350B

MD5
8951565428aa6644f1505edb592ab38f

SHA1
9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2

SHA256
8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83

SHA512
7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

Filesize
3KB

MD5
d226502c9bf2ae0a7f029bd7930be88e

SHA1
6be773fb30c7693b338f7c911b253e4f430c2f9b

SHA256
77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f

SHA512
93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

Filesize
13KB

MD5
da0f40d84d72ae3e9324ad9a040a2e58

SHA1
4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

SHA256
818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

SHA512
30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\snapshot_blob.bin

Filesize
342KB

MD5
19f1e25cc7c427dbfb519ce6dc2c7e64

SHA1
5578aa048412482650bb51b04ccbf038155f5c8b

SHA256
b6531c8ff3a288d00e4625cfc5019ccdac9cb8a53e723792616aace3b27f90c3

SHA512
ef07c82a8a3f36bc8492d0c0a964ee57c3bae3188c7c67eb555b9d117739b5a09e44183dbf9f2cf17ac386d7d777b62b534b2f55edec977c75ec3d6b5b535620

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\swiftshader\libEGL.dll

Filesize
450KB

MD5
2ffc36c5555a36a4f26c1aa7a8108b4a

SHA1
2ec38b17a0e9d5b0a4c397921aa4430607d32edc

SHA256
f8b8b96cc384171268cbd543d9486a97b2f2066d45ac118421ff974baf18d2e5

SHA512
0df87d336e223ade77eecaee88d8af2832f1cec3b5681699646e0be933b3f0acdb3765492e9d8fd713453dea2a7fd38d46c201c96313a06a484f23a78a716cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.0MB

MD5
41d3387761bbb79d4820e8d242561027

SHA1
27dfda8ce933af12578fb64f3171f40f56bace55

SHA256
ed005ae1d388e0256e9ae304933980897ec2cfa957ed5babab6ae2a5dcf5c5f5

SHA512
cc396d0c2a94c31b8a42697f456f74e8ede1ad1fbc7eb1e4983544166041ff878048f60af9b1525320770ee477c63d6c466746c2c33fd30bc2d7ec903f8af944

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\v8_context_snapshot.bin

Filesize
656KB

MD5
c384ae622a7a6c7ec328678af12922c2

SHA1
25165dcaf78d3d29a16e4f979370e0b009ede240

SHA256
977a027c50bd79e93ec015fbebaccfaaa8885b88c76f7e5a2c33337d6d5173c3

SHA512
d0571f5e18dcf14a591a76243d52094bb843b0779630f31cbb66fd738c1c35d10bb7ef751eb01a953305ee19f2777f4d3ca6f9b132199b2af357c0b03185d9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\vk_swiftshader.dll

Filesize
4.4MB

MD5
37bba2c66e2364a5b3e6666864f3b604

SHA1
f2ecffd48760482ba055aa50cd78c5ac02d09ba2

SHA256
23e6927733549be11d506b862cc7148b7b08b50b4387837db522ec9380babc46

SHA512
6e7835fce0e988c997049796125b4f2ef83cb9c2e326edeb54d4bad77fa31bf4b4227aeb1db445d3ee21e6cb959d65310a1bbda2d14e567d4123cf6544a947ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\7z-out\vulkan-1.dll

Filesize
819KB

MD5
ad4a5dcf631afd553b4fed8a269c7897

SHA1
f1bded0b28ee8aed4a52a6d19d871eba4828e0f2

SHA256
3141825bfa3a8cecf8b59767e8b6ac41c20685932d6000b9c6cd0e40ddca12db

SHA512
8e01379201f2a907cff7f32dfbac6b1eb8ee014312755884b35e4065477d8a8069e3188086d7cced11d437b461211bca6abb6e582e98473883cf35faad41eae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc6517.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\CSCC932E39192C44644B2DECC68B543BA51.TMP

Filesize
1KB

MD5
a6f2d21624678f54a2abed46e9f3ab17

SHA1
a2a6f07684c79719007d434cbd1cd2164565734a

SHA256
ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

SHA512
0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

Download Submit
C:\Users\Admin\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe

Filesize
12KB

MD5
de702185453de4c2660e7c462f75c024

SHA1
62fa2b9974dd5526a4875b2d1282c4a2e4f6cfa9

SHA256
a1d57f25f7840a3ecef997dac15b19fdbb51b091c0132d18eab1617ac5b9be03

SHA512
cdc4ce6c260aa50067ac660207873df78944fcba6d0bafdebff847541496e1ffc93a25d69fd9d200638745a4efd0823f2b92833afa1fabd6d528606ab7c8e3ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\Network Persistent State

Filesize
484B

MD5
9ae817ada734cbbff7147f245e17fb3c

SHA1
e346cd913ee415193efb59f38fca454a55d91984

SHA256
07675d17d788ec73b40ae0d081aa36e32d4319f7c98ff2425a3ea5d9b326c4c9

SHA512
4e66e48081e2f8cda8ce0357507730bd96860367d13ec32f1f08d02dd4f2228cccc1370b1afc7c3041acdd1eb21b20b5252fa1d62251c7bfd10a242c3a771a99

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\Network Persistent State

Filesize
453B

MD5
3a30b7690adfb2795ce875c1b6f3c83f

SHA1
0892bbdef40a2217cb7daf6f6426431a6f433f3d

SHA256
bbd0029c99032d959ca544810305f3843f1f8259be37728494eeaf83fca3bc06

SHA512
3aeab90997542dde99682b529d2e89f620a87b516850c297cb51965a145162e740131b6fe2b223783e4c021bc99f12e6085a63d2420a14beaaf09c907cb4fde7

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\Network Persistent State

Filesize
484B

MD5
06a9e636dc2e6c6c741d6bd116fd3959

SHA1
4812b0c69cbe9e1d0266a9ba3643d59605d3ec28

SHA256
89767322711549ac86d8f5df942c1da16c40d60b23493b74e33fed1e3cf348d5

SHA512
039198512ef64779f0d6170a7be641b56774bb6ae0235debd315110fb538a87dda9cb4b783e0114938d42517baa0a6294a62eace35614850dc917754ca42c8ca

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\Network Persistent State~RFe6c0614.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\TransportSecurity

Filesize
203B

MD5
957dc1fa8e45ac8f5e9c502f1e065a21

SHA1
9b0995db8e498abe3c33c1336722fe2e3230a1a1

SHA256
0b7cffc2da102e2f02f4adb68c77757cf79ca0998a7311bb1b0a36627ef515d5

SHA512
d0134e0b62e655aae0d8bc2668d704207e9537221b6fbd6c8c9d42510a2dd8c7b5cd5f63d16234773f190bfcb152540e7601f195b25bb7c5e752e856542849de

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\TransportSecurity

Filesize
203B

MD5
537e90f16915cae3a3f21655dcc8450f

SHA1
aec69417e1b008e3e796f03b9b4877eac99af244

SHA256
3e0e16daddacba1eee5a29768ba4ea26c720b643fb417d082a9faa24f82258b4

SHA512
b7766d20957812a9998b8d8af711fe5831d616aafd6dc8c753099dea52cdc89cd8a8b86808fec8e1c7424f7000cad0e8cb4151c7e390e3786c7700596987bbfb

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\TransportSecurity

Filesize
201B

MD5
6bd4f289d0b4a3359988c5c542ef2b2f

SHA1
1285bf58016b7e7504492ae67ee98ad3f287ab2b

SHA256
be671e04e3bc9cc8905a036c3b2265c865cae19f217ca196c254c348d28187cf

SHA512
ec6219b35029fd1f345c3d3d30cad358180b26d13e15108a73ca892d968a1f9009ca3c10c241a1a4930ad5844fdd79a594bd45ad03e84826fe72e94ea6bbf1ae

Download Submit
C:\Users\Admin\AppData\Roaming\UnityLibraryLinker\Network\TransportSecurity~RFe6beba7.TMP

Filesize
203B

MD5
ce401af7eb06ca5a480c05f83be02da4

SHA1
1ed9e141eab7bbed1ffacced6d7ed6f06090fdaa

SHA256
a3b86aaa587f292527c7f21c4a15496c1575e414005c88445978f6b735d91710

SHA512
9a49a6740abc38c7f556e49b488dfd5e4cc9937e7168c8e17e27f10b7bb22c96b1bb1f937886a5035f328916b3fce3b8023212b05d465c9537bb9b0ffadbd23b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\76b76ad2-ed0e-4ed6-bbd6-271ecb92a8a7.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4f16a3603dedf4af1ab04f60c0bcea01

SHA1
2d0a71e35d771216f447e1aaa1e45c65376d6665

SHA256
9f2fd6566eb453476a75aef495d85476b422ab45cf586ef9eedcb34d3447de71

SHA512
053e3a5ce3bdf6735cb99ab36ff077cd3849a61648bc822ccff9303c2921a470be7e938c3e39dbfebec1a56351f3ef27844ef67f800e45a61b4bcae15a4dc55e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\82cbda76-e5f9-4a97-907d-ac1ec45ae9f7.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
565B

MD5
379b484e31f1d6a33181694ffc7108bd

SHA1
bfbeac8b9ed812c5fc78db5e4e8e840bcd611bc9

SHA256
20a30984d58f31fb54ccfa05cd0c747914413c3897710ccf297d99f1c73bb37d

SHA512
36670ebac398c9a7c88026d7b8116259add661c3efba52e0e02d415c6952cf0c8807acfc9220e8ca1049f8b4b51116cc6fa9f54471ffd5832a5ee65c053d0b42

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
596B

MD5
01a84de6680091a2eed5722276619146

SHA1
fe0466c1d97035aa86df11d187e96f25c06c53a0

SHA256
e1f1ace54c846e0d0f2edee2c1f68f68fcd646351abcfe50771a5af45f331b9d

SHA512
19d90e8a025fd80bedfa52b976454767d38c8a5c400ec194db0f6ab748c2fee2d5ec93e53a439b60d724112dec266028b3bb28c773c76e053921a4855127c604

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
d72abd4b1983920f62e2bba6ed8538ba

SHA1
c83b9f26d3bbba83703c60c76a304f4b2436a5fe

SHA256
6b45968bd1fcb30bcd802137914115a110366b298bb303dca25b361bcda7b4f5

SHA512
f12921dd09e3f0c685239ca39f6aac9451e35b756c87bcaa3a2d0f7ee54ec9c9e84f539b6c562b4e3e11de78860bae5362cbdb4e20f1d9b5ff508795c2947249

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
015204cb190e05021394336eca723043

SHA1
0238a03637e7b9d77ab2ed8aac03e2fd16474593

SHA256
e32786d1b722cf60534cf1abd41b017d1a27d9ae1f25528c5b5e7c258410b519

SHA512
0b671eff395ea68acd0a7d18e83d525e73753b7841ea5fffbbf2381fe7ac4b056e7be204dd0f175f89a6c743604d9a7f1bcb6622eb62d047e12a6e70c7ec86f4

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
522B

MD5
4af4bf7728acea369611ff1817d8beab

SHA1
d557a1c2e5a882538e798b80c0faae504baa1332

SHA256
75600f5e1163355559da0778f9f1d9fdb8e60e5118c48d1dba2c8cda2d4589c0

SHA512
0c4d9d568990cbb07bb1db8acf3d174f0a0e1596e3d16bbe3d4d9a4529c3efb6d76fbda86c9f4e15b7baa87f7065c566dbd92c0712a564d214b621503247d2cf

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
215de0e4fe3a0867f47d7cae963274a6

SHA1
10d36ccfd77598ebc8782795490630a2f7350ec6

SHA256
aac4337076a4e7bc33d7a51466011a60d53adf2dc61eff4dc4589fb325499e06

SHA512
7d1a70f92834afc14081878d4af9e5c95553ccf7506c7d621c2dd83f2ecc68c90f836bf07228223793d3e155acf0c168ab3808febd8c7206c33c6c6fdc51c745

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
522B

MD5
5a6c1b8cef8a819c0661f6463de2341f

SHA1
d8f79500120da73122dcdc7d261ec456b62e6ae8

SHA256
7c02a127eceeb7fe30e9143fc1608b747c781ad4e063170f20d9878e5d6abdba

SHA512
2cc6faba8fada7e95e189be7582ca1a750041588ea092f70188e797d2cd4425270846c49a63b95b5090e3b8ec5c59971c9e97dc55c71a3a9e2517f2580e2a2bb

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity~RFe6b4f86.TMP

Filesize
188B

MD5
452d593c629fe43be8a4160469037965

SHA1
a937424a49e3a8093db4181c768f8996a339dece

SHA256
075f596c34baa0b6ade5164ae3f3088ae2361a12ef4a6a7e4d01b125e80d43f3

SHA512
d3763ceb0a9384be875183e14c8469c14e0418ac55d05c7c583c07066270f8066a901f176e3d91cf64ab0d3969c1f03b81e2112b1d6da4d83f419b72a70dea98

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
172B

MD5
b78b465fe0e06987b6af4be612956f2e

SHA1
e54eac4677a84903812b3b571c916a2a81ee5a53

SHA256
3275ed3fff0fad359a2ca22de15ce0c6a2bc38fbd7565123784acff7297f2683

SHA512
237274bf928922f2f7706c8c84ec74f140f1e381f50a693aa757405e9645b7e49fea29c7acd5a274cc0efa20310566f32c48baaee85f9ef38b0443ec4eba9bc5

Download Submit
C:\Users\Admin\Downloads\AmazingGame.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
94.6MB

MD5
3271ee796cb2c120bbf629e1a3efa0e7

SHA1
8ac997d812b6697be081c7705658337953eaf996

SHA256
29c0226a5ac5e77ad4ed5d892c9630656b368ab9a94a005a2c2db22a12cb12ba

SHA512
500071d66d6102b077b801e2b68290d38e12a6177995d7a4f7369967ac806555b5c8a1c19249d36ed19aa32b02d12aeec35523dbe2107afb7cb1f19e5feaf932

Download Submit
memory/1172-1549-0x00007FFAFCA50000-0x00007FFAFCA51000-memory.dmp

Filesize
4KB

Download
memory/1176-2625-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/1448-2739-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/2036-3758-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3358-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3756-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3754-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3757-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3345-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3364-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3412-0x00007FFABB900000-0x00007FFABB910000-memory.dmp

Filesize
64KB

Download
memory/2036-3381-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3356-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2036-3387-0x00007FFABB900000-0x00007FFABB910000-memory.dmp

Filesize
64KB

Download
memory/2080-863-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/2080-864-0x0000000005610000-0x0000000005620000-memory.dmp

Filesize
64KB

Download
memory/2080-866-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/2316-1691-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2316-1687-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2316-1685-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2316-1689-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2316-1693-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2316-1695-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2316-1702-0x000000000EC60000-0x000000000EC61000-memory.dmp

Filesize
4KB

Download
memory/2592-500-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/2592-819-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2592-501-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2592-499-0x00000000009C0000-0x0000000000B36000-memory.dmp

Filesize
1.5MB

Download
memory/2592-818-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/2592-514-0x0000000007B70000-0x0000000007B78000-memory.dmp

Filesize
32KB

Download
memory/2592-516-0x0000000007BC0000-0x0000000007BCE000-memory.dmp

Filesize
56KB

Download
memory/2592-515-0x0000000007BF0000-0x0000000007C28000-memory.dmp

Filesize
224KB

Download
memory/2592-1638-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/2592-1633-0x0000000007C30000-0x0000000007CC2000-memory.dmp

Filesize
584KB

Download
memory/2660-861-0x00007FFAFC990000-0x00007FFAFCA4D000-memory.dmp

Filesize
756KB

Download
memory/2660-830-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-825-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-829-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-831-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-832-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-833-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-834-0x00007FFABB900000-0x00007FFABB910000-memory.dmp

Filesize
64KB

Download
memory/2660-835-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-836-0x00007FFAFC990000-0x00007FFAFCA4D000-memory.dmp

Filesize
756KB

Download
memory/2660-837-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-820-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-838-0x00007FFABB900000-0x00007FFABB910000-memory.dmp

Filesize
64KB

Download
memory/2660-856-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-859-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-821-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-822-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-824-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-823-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-858-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-857-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-860-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-826-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-827-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/2660-828-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2660-862-0x00007FFAFE120000-0x00007FFAFE329000-memory.dmp

Filesize
2.0MB

Download
memory/2944-1710-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1688-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1671-0x000000000EB30000-0x000000000EB31000-memory.dmp

Filesize
4KB

Download
memory/2944-1670-0x000000000EB30000-0x000000000EB31000-memory.dmp

Filesize
4KB

Download
memory/2944-1672-0x000000000EB30000-0x000000000EB31000-memory.dmp

Filesize
4KB

Download
memory/2944-1711-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1712-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1686-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1709-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1708-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1707-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1706-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1703-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1705-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1704-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1701-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1694-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1692-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/2944-1690-0x000000000EDA0000-0x000000000EDA1000-memory.dmp

Filesize
4KB

Download
memory/3412-794-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/3412-733-0x00000000738B0000-0x0000000074061000-memory.dmp

Filesize
7.7MB

Download
memory/3412-736-0x0000000004C70000-0x0000000004C80000-memory.dmp

Filesize
64KB

Download
memory/3412-751-0x0000000004B90000-0x0000000004BB0000-memory.dmp

Filesize
128KB

Download
memory/3524-2636-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/3552-2591-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/3624-2590-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/3624-2630-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/4560-2599-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/4904-2631-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5148-2775-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5148-2759-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5352-2600-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5352-2568-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5352-2528-0x0000000000F90000-0x0000000000F9A000-memory.dmp

Filesize
40KB

Download
memory/5416-2594-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5512-2776-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/5536-2628-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6084-2650-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6084-2664-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6208-2691-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6572-3827-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/6572-3831-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/6572-3834-0x00007FFABB900000-0x00007FFABB910000-memory.dmp

Filesize
64KB

Download
memory/6572-3837-0x00007FFABB900000-0x00007FFABB910000-memory.dmp

Filesize
64KB

Download
memory/6572-3830-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/6572-3828-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/6572-3829-0x00007FFABE1B0000-0x00007FFABE1C0000-memory.dmp

Filesize
64KB

Download
memory/6672-2702-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6712-2670-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6792-2710-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6844-2680-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6868-2681-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/6868-2711-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/7108-2663-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/7132-2692-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/7644-2715-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/7804-2768-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/7908-2734-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/8084-2772-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download
memory/8144-2763-0x00007FFAD86C0000-0x00007FFAD9182000-memory.dmp

Filesize
10.8MB

Download